DocuBay Acceptable Use Policy (AUP)

Effective Date: 07 January 2025

This Acceptable Use Policy (the "AUP") governs your access to and use of the DocuBay platform, including https://docubay.ae, https://hub.docubay.ae, and any related subdomains, applications, portals, or services operated under the DocuBay brand (collectively, the "Platform"). This AUP forms part of, and is incorporated by reference into, the DocuBay Terms of Service (the "Terms"). Capitalized terms not defined here have the meanings given in the Terms.

1. Purpose and Legal Posture

DocuBay operates a business-facing digital platform that may involve sensitive documents, identification materials, corporate records, compliance workflows, and service routing to licensed third-party providers. This AUP exists to:

• (a) protect clients, vendors, and DocuBay from fraud, misuse, security risks, and regulatory exposure;
• (b) preserve Platform integrity, reliability, and lawful operation; and
• (c) set clear boundaries around acceptable conduct, content, data uploads, and communications.

2. Who This Applies To

This AUP applies to any person or entity using the Platform, including company owners, authorised representatives, employees, administrators, invited users, and any third party acting on your behalf (collectively, "you"). You are responsible for ensuring your team and authorised users comply with this AUP.

3. High-Level Rule

You may use the Platform only for lawful, legitimate business purposes and only in a manner consistent with the Terms, applicable UAE law, and any relevant authority or regulatory requirements.

4. Prohibited Conduct

You must not, and must not allow any person acting through your account to:

4.1 Fraud, deception, and misrepresentation

Use the Platform to submit, upload, provide, or circulate any information or documents that are false, forged, misleading, impersonated, unlawfully obtained, or materially incomplete, including (without limitation) passports, Emirates IDs, visas, trade licenses, establishment cards, bank letters, corporate resolutions, powers of attorney, invoices, and supporting evidence.

4.2 Unauthorised access and account misuse

Attempt to access any account, workspace, data, or system component that you are not authorised to access. This includes:

• (a) password sharing beyond authorised users;
• (b) using another person's credentials or OTP;
• (c) bypassing authentication, UAEPASS flows, or platform controls; or
• (d) creating accounts under false identity or without authority from the relevant company.

4.3 Illegal activity and prohibited use cases

Use the Platform to engage in or support unlawful conduct, including money laundering, terrorism financing, sanctions evasion, bribery, corruption, fraud, identity theft, or any activity prohibited under UAE law or applicable international sanctions laws.

4.4 Abuse of authority processes

Submit requests designed to manipulate, overload, or interfere with government, court, embassy, bank, insurer, or free zone processes, or to misuse authority portals. You must not instruct DocuBay or a vendor to "find a workaround" that conflicts with legal requirements.

4.5 Harassment, threats, and abusive behavior

Use the Platform (including messages, tickets, email, WhatsApp communications, or calls related to Platform Requests) to harass, intimidate, threaten, defame, or abuse DocuBay staff, vendor staff, or any third party.

4.6 Malware, exploitation, and technical attacks

Upload, transmit, or introduce any malware, spyware, trojans, ransomware, or harmful code. You must not:

• (a) attempt to probe, scan, or test system vulnerabilities;
• (b) interfere with the Platform's security or performance;
• (c) reverse engineer or attempt to extract source code, algorithms, or underlying models; or
• (d) exploit bugs or vulnerabilities for unauthorized benefit.

4.7 Scraping, automated extraction, and excessive load

Use scraping, bots, automated scripts, or other means to extract data from the Platform or to create excessive requests that degrade performance. Any automated access requires DocuBay's prior written authorisation.

4.8 IP infringement and misuse of third-party materials

Upload or share content that infringes third-party rights (copyright, trademarks, confidential information, or trade secrets), or use DocuBay branding or vendor branding in a misleading way.

4.9 Circumventing Platform routing and commercial framework

Where the Platform introduces you to vendors or coordinates Requests, you must not use the Platform to identify vendors and then bypass the Platform to transact outside it in a manner that breaches your Terms, vendor arrangements, or any non-circumvention commitments you have accepted.

5. Document and Data Rules

Because the Platform may store and route sensitive documents, you agree that:

5.1 Accuracy and authenticity

You are responsible for ensuring all submissions are accurate, complete, and authentic. If you upload incorrect documents, outdated records, or incomplete information, you accept the risk of rejection, delays, fines, or additional costs imposed by third parties.

5.2 Authority to upload third-party data

If you upload personal data or documents of employees, owners, directors, or any third party, you confirm you have a lawful basis and required consents/authorisations to do so. DocuBay may request proof of authority where necessary.

5.3 Prohibited data submissions

You must not upload content that:

• (a) contains unlawfully obtained personal data;
• (b) includes credentials intended to be kept secret beyond necessary portal access steps (unless explicitly required and secured by the Platform flow); or
• (c) is unrelated to business/compliance purposes and creates unnecessary privacy risk.

5.4 Sensitive data hygiene

Where the Platform allows notes or free-text fields, you must avoid entering sensitive personal data unnecessarily (e.g., medical information) unless strictly required for the Request.

6. Communications and Representation Rules

To prevent regulated-activity creep and misrepresentation:

6.1 No false representation of DocuBay

You must not represent to clients, employees, vendors, banks, authorities, insurers, or third parties that DocuBay is:

• (a) a law firm, legal consultant, tax advisor, bank, lender, insurer, insurance broker, audit firm, or regulator; or
• (b) guaranteeing approvals, outcomes, court appointments, bank acceptance, or processing timelines.

6.2 No authority impersonation

You must not claim to be associated with or acting on behalf of any UAE government body, court, free zone, bank, insurer, embassy, or regulator.

6.3 No abusive escalation tactics

You must not threaten staff or vendors with baseless legal/regulatory complaints to force outcomes. Legitimate complaints are fine—abusive coercion is not.

7. Compliance Controls, Monitoring, and Enforcement

7.1 Monitoring and investigation

DocuBay may monitor Platform usage to protect security, ensure compliance, prevent fraud, and meet legal obligations. Monitoring may include audit logs, access logs, system event logs, and review of submitted materials where required for support or compliance.

7.2 Action DocuBay may take

If DocuBay reasonably believes you have violated this AUP or created a legal, security, or regulatory risk, DocuBay may, without limiting any other rights:

• (a) suspend or restrict access;
• (b) block uploads or Requests;
• (c) require additional verification steps;
• (d) remove content or documents;
• (e) refuse or cancel Requests;
• (f) escalate to relevant vendors or authorities where legally required; and/or
• (g) terminate your account in accordance with the Terms.

7.3 No duty to process unlawful or risky Requests

DocuBay is not obligated to process any Request that may be unlawful, fraudulent, or non-compliant.

8. Reporting Misuse

If you believe there is unauthorised access, fraud, or misuse related to your account or any Platform activity, you must promptly notify DocuBay at the support channel listed in the Contact section of the Terms and cooperate in good faith with any investigation.

9. Changes to This AUP

DocuBay may update this AUP from time to time to reflect operational, regulatory, or security requirements. Updates will be published on the Platform/website. Continued use of the Platform after updates take effect constitutes acceptance.

10. Governing Terms

This AUP is governed by the Terms, including governing law and jurisdiction. In case of conflict, the Terms prevail unless the AUP expressly states otherwise.