1. Overview
This Acceptable Use Policy ("AUP") forms part of our Terms of Service and governs your use of the ScanToProve Platform, including its dashboards, public scan pages, hardware tags, OPCLS Gateway and DNA Rails B2B API.
We may suspend or terminate your account for serious or repeated breaches of this AUP, with or without notice.
2. Prohibited content
You must not upload, store, scan, transmit, or link from the Platform any content that:
- is unlawful, defamatory, threatening, harassing, hateful, or discriminatory;
- infringes intellectual property, trade-secret or privacy rights;
- contains malware, viruses, or any code designed to interfere with software or hardware;
- depicts or facilitates child sexual exploitation or abuse;
- relates to firearms, controlled substances, or items whose sale or transfer is restricted in Jersey, the UK or the user's jurisdiction;
- impersonates another person or organisation;
- is misleading about the authenticity, provenance or origin of an asset, animal or sample.
3. Prohibited conduct
You must not use the Platform to:
- clone, spoof or attempt to forge NTAG 424 SUN authentication, including by replaying signed scan URLs or tampering with rolling counter values;
- register hardware tags to records that misrepresent the underlying object, animal, sample or asset;
- submit knowingly false provenance, service-history, or DNA chain-of-custody data;
- circumvent rate limits, billing, or feature gating;
- scrape, crawl or harvest data from the Platform other than via documented APIs;
- resell or sublicense access to the Platform without our written consent;
- introduce automated systems (bots, scripts) that submit a high volume of scans, lookups, or API calls beyond fair-use thresholds.
4. Hardware integrity
Hardware tags supplied or activated through the Platform rely on NTAG 424 DNA cryptographic features (SUN, CMAC SV2, rolling counter, optional Tag Tamper). You must not:
- extract, copy or share AES-128 master keys provisioned to tags;
- relocate, transplant, or attempt to clone an activated tag onto a different physical object than the one originally bound;
- disable, bypass, or interfere with Tag Tamper detection wiring on tags configured for tamper-evidence.
Detected tampering or cloning is logged on-chain as an immutable tamper event.
5. APIs and fair use
API consumers (REST API, DNA Rails, OPCLS Gateway, webhooks) must:
- keep API keys confidential and rotate them on suspected compromise;
- respect rate limits documented at /docs/api;
- handle HTTP 429 responses gracefully with exponential back-off;
- cache responses where appropriate to reduce unnecessary load;
- not use APIs to construct competing chip-lookup or sample-authentication services derived from our data.
6. Security research & responsible disclosure
We welcome good-faith security research. If you believe you have discovered a vulnerability, please email security@scantoprove.com with reproduction steps before any public disclosure. Please do not:
- access, modify, or destroy data that does not belong to you;
- run automated scanners against the Platform without prior written consent;
- publicly disclose a vulnerability before we have had 90 days to remediate, unless a clear public-interest exception applies.
7. Reporting abuse
To report a breach of this AUP — including suspected counterfeit goods, animal cruelty, fraudulent listings, or malicious content — email abuse@scantoprove.com. We aim to respond within 5 business days.
8. Enforcement
We may, at our discretion:
- remove or quarantine content that breaches this AUP;
- suspend or terminate accounts and API keys;
- invalidate compromised hardware tags and refuse re-issuance;
- report criminal conduct to the appropriate authorities.
We do not generally moderate Content in advance, but we reserve the right to do so.