Acceptable Use Policy

1. Purpose and Scope

This Acceptable Use Policy (“AUP”) describes activities that are not permitted when using the Retail Stack platform, applications, and services (the “Service”). It applies to every user of the Service, including merchant business owners, authorised staff, and any other person who accesses the Service through a Retail Stack account.

This AUP forms part of, and is incorporated by reference into, the Retail Stack Terms of Service. Capitalised terms that are not defined here have the meaning given to them in the Terms of Service. In the event of any conflict between this AUP and the Terms of Service, this AUP prevails for matters of acceptable use.

We may update this AUP from time to time. The current version is published at retailstack.co/legal/acceptable-use.

2. Your Responsibility

If you are a Merchant, you are responsible for the conduct of every Authorised User you have invited or permitted to access your Account. This includes employees, contractors, and any other person to whom you have granted access. Violations by your Authorised Users are treated as violations by you.

3. Prohibited Activities

You must not use the Service to do any of the following, or to assist any other person to do any of the following.

3.1 Unlawful and harmful activity

• violate any law, regulation, or judicial order applicable to you, your business, your customers, or your suppliers

• engage in fraud, deception, money laundering, terrorism financing, sanctions evasion, or any other criminal activity

• infringe any intellectual property right, trade secret, privacy right, or other right of any person

• sell or facilitate the sale of goods or services that are prohibited by law in any market in which you operate, including controlled substances, unlicensed pharmaceuticals, counterfeit goods, weapons that you are not licensed to sell, or stolen property

• harass, threaten, defame, or otherwise harm any individual or group

3.2 Manipulation of GMV, billing, or audit data

• fabricate, inflate, or otherwise manipulate transactions, refunds, voids, or other records in the Service for the purpose of reducing fees, evading billing, or misrepresenting business performance

• record sales outside the Service for the purpose of avoiding GMV measurement, where your Subscription is GMV-based

• tamper with, disable, or attempt to circumvent audit logs, billing meters, or any other measurement or accounting function of the Service

• create artificial Stores, Accounts, or Authorised Users for the purpose of evading limits, thresholds, or fees

3.3 Misuse of Customer Data

• enter personal data about your customers, employees, suppliers, or other individuals into the Service without a lawful basis under applicable law

• use the customer management features of the Service to send unsolicited marketing communications, spam, or any communication that violates applicable anti-spam, telecommunications, or privacy laws

• disclose Customer Data to third parties without the consent or other lawful basis required by applicable law

• use the Service to track, profile, or surveil individuals in a manner that is unlawful, deceptive, or contrary to reasonable expectations

3.4 Misuse of supplier features

• send requests for quotation, purchase orders, or other communications through the procurement Product to suppliers with whom you have no genuine business relationship or intention to transact

• use the procurement Product to send bulk, automated, or unsolicited communications in violation of applicable anti-spam laws, including Canada’s Anti-Spam Legislation where applicable

• enter false, misleading, or fraudulent supplier information into the Service, including false bank account details intended to redirect legitimate payments

3.5 Technical abuse

• attempt to gain unauthorised access to any part of the Service, any other Account, or any underlying infrastructure

• probe, scan, or test the vulnerability of the Service except as expressly authorised by us in writing

• upload, transmit, or introduce any virus, worm, malware, ransomware, spyware, or other malicious code

• interfere with, disrupt, or impose an unreasonable load on the Service, its infrastructure, or any other Merchant’s use of the Service, including by denial-of-service techniques or excessive automated requests

• use bots, scrapers, crawlers, or other automated tools to extract data from the Service except through our documented APIs and within their published limits

• reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code, models, or underlying ideas of the Service, except to the extent expressly permitted by applicable law

• circumvent or attempt to circumvent any usage limits, access controls, rate limits, security features, or billing controls

• use the Service to build, train, or improve any competing product or service

3.6 Account integrity

• share, sell, transfer, or otherwise make available your login credentials, access tokens, or PIN codes to any person who is not a properly invited Authorised User

• create an Account using false, misleading, or someone else’s identity

• impersonate any person, business, or entity, including any employee or representative of Retail Stack

• continue to access the Account of an employer or other organisation after your authorisation has been revoked

3.7 Misuse of automated and intelligence features

• rely on Intelligence Feature outputs without applying your own business judgement, where doing so would be unsafe, unlawful, or contrary to your obligations to customers, suppliers, or regulators

• use Intelligence Features to engage in collusive pricing, anti-competitive practices, or other conduct that is unlawful under applicable competition law

• attempt to extract, copy, or replicate the models, prompts, weights, or other proprietary components underlying Intelligence Features

4. Reporting Suspected Violations

If you become aware of any actual or suspected violation of this AUP, please report it to support@retailstack.co. Reports should include a clear description of the conduct, the Account or User identifier where known, and any supporting evidence. We treat reports confidentially to the extent reasonably possible.

5. Investigation and Enforcement

We may investigate any suspected violation of this AUP. In the course of an investigation we may:

• review activity logs, audit trails, and other operational records

• request information, evidence, or cooperation from the Merchant or affected Authorised Users

• temporarily restrict or suspend access to the Service to prevent ongoing harm

• involve law enforcement or regulatory authorities where appropriate or required by law

Following an investigation, we may take any of the following actions at our sole discretion, taking into account the nature and severity of the violation and any prior conduct:

• issue a warning

• require remedial action within a specified period

• disable specific features, integrations, or Authorised Users

• suspend the Account in whole or in part

• terminate the Account under the Terms of Service

• recover any fees, losses, or costs we have incurred as a result of the violation

• refer the matter to law enforcement or to a regulator

6. No Waiver

Our decision not to take action in respect of any particular violation, or our decision to allow an Account to continue operating during an investigation, does not waive our right to take action in respect of that violation or any future violation.

7. Changes to This Policy

We may revise this AUP from time to time. Material changes will be notified through the Service or by email, and will take effect on the date stated in the notice. Your continued use of the Service after the effective date of a revised AUP constitutes acceptance.

8. Contact

Retail Stack

Email: support@retailstack.co

Web: retailstack.co

This Acceptable Use Policy is part of the Retail Stack Terms of Service.