Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ("AUP" or "Policy") sets out the rules and guidelines for using Vydapay's corporate card management platform, cards, and related services (collectively, the "Services"). This Policy is designed to protect our customers, our business partners, and the integrity of the payment ecosystem.

This Policy forms part of and is incorporated into our Terms of Service. By using our Services, you agree to comply with this Policy. If you do not agree with this Policy, you must not use our Services.

Vydapy Ltd, trading as Vydapay, is authorised and regulated by the Financial Conduct Authority (FCA) and is a principal member of Mastercard. As such, we are required to ensure that our Services are used in accordance with applicable laws, regulations, and card network rules.

2. Scope and Application

2.1 Who This Policy Applies To

This Policy applies to:

• All businesses and organisations that have registered for a Vydapay account ("Account Holders")
• All individuals authorised to access and use Vydapay Services on behalf of an Account Holder ("Authorised Users")
• All cardholders who have been issued Vydapay virtual or physical cards
• Any person who accesses or uses our website, mobile applications, APIs, or related services

2.2 Account Holder Responsibility

Account Holders are responsible for ensuring that all Authorised Users and cardholders under their account understand and comply with this Policy. Any violation by an Authorised User or cardholder will be treated as a violation by the Account Holder.

2.3 Relationship to Other Policies

This Policy should be read in conjunction with:

• Our Terms of Service
• Our Privacy Policy
• Mastercard's merchant category codes and acceptance rules
• Any additional policies applicable to your specific account type or industry

3. Permitted Use

3.1 Legitimate Business Purposes

Vydapay Services are intended exclusively for legitimate business purposes. Permitted uses include:

• Purchasing goods and services necessary for your business operations
• Paying for business travel and accommodation
• Subscribing to software and business services
• Paying suppliers and vendors
• Managing employee expenses for business activities
• Making business-related online purchases
• Paying for advertising and marketing services
• Purchasing office supplies and equipment

3.2 Authorised Cardholders

Cards may only be used by the individual to whom they are issued. Sharing card details with unauthorised persons is strictly prohibited. Each cardholder is responsible for:

• Keeping their card details secure and confidential
• Using the card only for authorised business purposes
• Complying with any spending limits or controls set by the Account Holder
• Providing receipts and documentation as required by the Account Holder
• Reporting any lost, stolen, or compromised cards immediately

4. Prohibited Activities

4.1 Illegal Activities

The following activities are strictly prohibited and may constitute criminal offences:

• Fraud: Any fraudulent, deceptive, or misleading activity, including identity fraud, payment fraud, or misrepresentation of transactions
• Money Laundering: Using our Services to conceal or disguise the origins of illegally obtained money or to transfer funds related to criminal activity
• Terrorist Financing: Providing or collecting funds with the intention or knowledge that they will be used to carry out terrorist acts
• Tax Evasion: Using our Services to evade or facilitate the evasion of taxes
• Sanctions Violations: Transactions with individuals, entities, or countries subject to UK, EU, US, or UN sanctions
• Bribery and Corruption: Payments that constitute or facilitate bribery, kickbacks, or other corrupt practices

4.2 Prohibited Goods and Services

Our cards may not be used to purchase the following goods or services:

• Illegal drugs and controlled substances: Including drug paraphernalia and substances not approved by regulatory authorities
• Weapons and ammunition: Firearms, explosives, knives designed as weapons, and related items (exceptions may apply for licensed security firms)
• Counterfeit goods: Products that infringe on intellectual property rights, including fake luxury goods and pirated media
• Stolen property: Goods known or suspected to be stolen or illegally obtained
• Human trafficking: Any services or goods related to human trafficking or exploitation
• Endangered species: Products derived from protected wildlife or plants

4.3 High-Risk Activities

The following activities are generally prohibited without prior written approval from Vydapay:

• Gambling: Online or offline gambling, betting, lottery tickets, and casino chips
• Adult entertainment: Pornography, escort services, and adult-only content
• Cryptocurrency: Purchasing cryptocurrencies, NFTs, or related digital assets
• Money transmission: Using cards to fund money transfer or remittance services
• High-value transactions: Single transactions exceeding £10,000 without prior notification
• Gift cards and stored value: Purchasing prepaid cards, gift cards, or stored value products in significant quantities

4.4 Personal Use

Vydapay corporate cards are for business use only. Personal expenses are strictly prohibited, including but not limited to:

• Personal shopping for non-business items
• Personal travel and holidays
• Payments to personal accounts
• Family or household expenses
• Personal subscriptions and memberships

4.5 Platform Abuse

The following activities constitute abuse of our platform and are prohibited:

• Attempting to circumvent spending controls, limits, or security measures
• Creating multiple accounts to evade restrictions or obtain additional benefits
• Using automated tools or bots to access our Services without authorisation
• Reverse-engineering, decompiling, or attempting to extract source code from our software
• Introducing malware, viruses, or other malicious code into our systems
• Interfering with or disrupting our Services or servers
• Exploiting vulnerabilities in our systems without immediately reporting them

5. Merchant Category Restrictions

Mastercard assigns merchant category codes (MCCs) to classify businesses. We may block or restrict certain MCCs based on risk assessment and regulatory requirements. The following merchant categories are typically blocked by default:

5.1 Always Blocked

• MCC 5993: Cigar stores and stands
• MCC 7273: Dating and escort services
• MCC 7995: Gambling transactions
• MCC 5933: Pawn shops
• MCC 6051: Non-financial institutions – foreign currency, non-fiat cryptocurrency

5.2 Blocked by Default (Can Be Enabled Upon Request)

• MCC 4829: Money transfer
• MCC 6012: Financial institutions – merchandise and services
• MCC 6211: Security brokers/dealers
• MCC 6050: Quasi cash – customer financial institution

Account Holders can request changes to merchant category restrictions by contacting our support team. Approval is subject to our risk assessment and compliance review.

6. Spending Controls and Limits

6.1 Account-Level Limits

Your account is subject to overall spending limits based on your account tier, verification status, and credit assessment. These limits apply across all cards on your account and include:

• Maximum account balance
• Monthly spending limit
• Daily transaction limit
• Single transaction limit

6.2 Card-Level Controls

Account Holders can set additional controls at the individual card level, including:

• Per-transaction limits
• Daily, weekly, or monthly spending limits
• Merchant category restrictions
• Geographic restrictions
• Time-based restrictions (e.g., business hours only)
• Online vs. in-store restrictions

6.3 Approval Workflows

Account Holders can configure approval workflows requiring manager approval for transactions that exceed certain thresholds or fall outside normal patterns. These workflows are designed to provide additional oversight and control.

7. Card and Account Security

7.1 Card Security Requirements

All cardholders must:

• Keep physical cards in a secure location when not in use
• Never share card numbers, CVV codes, or PINs with anyone
• Never write down PINs or store them with the card
• Use secure connections when making online transactions
• Verify merchant legitimacy before providing card details
• Review transaction notifications and report any discrepancies immediately

7.2 Account Security Requirements

All users must:

• Use strong, unique passwords for their Vydapay account
• Enable multi-factor authentication (MFA)
• Never share login credentials with others
• Log out of the platform when using shared devices
• Keep devices used to access Vydapay secure and up to date
• Report any suspected security breaches immediately

7.3 Lost or Stolen Cards

If a card is lost, stolen, or compromised, you must:

• Freeze or cancel the card immediately using our app or website
• Contact our support team if you cannot access the platform
• Review recent transactions and report any unauthorised activity
• Request a replacement card if needed

8. Reporting Obligations

8.1 Suspicious Activity

You must immediately report to Vydapay any:

• Suspected fraudulent activity on your account or cards
• Unauthorised access to your account
• Suspicious transactions you do not recognise
• Requests to use your cards for purposes that may violate this Policy
• Knowledge or suspicion of money laundering or other financial crimes

8.2 Changes to Your Business

You must notify us promptly of any significant changes to your business, including:

• Changes to your legal structure or ownership
• Changes to your primary business activities
• Changes to your registered address or trading address
• Changes to directors or significant controllers
• Any regulatory actions or investigations involving your business

9. Monitoring and Enforcement

9.1 Transaction Monitoring

We monitor all transactions processed through our platform to detect potentially fraudulent, suspicious, or policy-violating activity. Our monitoring includes:

• Real-time transaction screening against sanctions lists and watchlists
• Pattern analysis to identify unusual spending behaviour
• Merchant category monitoring to detect restricted purchases
• Velocity checks to identify rapid or high-volume transactions
• Geographic analysis to detect transactions from high-risk locations

9.2 Investigations

If we identify potentially suspicious or policy-violating activity, we may:

• Contact you to request additional information or documentation
• Temporarily suspend transactions pending investigation
• Request proof of the nature and legitimacy of transactions
• Involve our compliance and legal teams in the review
• Report suspicious activity to relevant authorities as required by law

9.3 Cooperation

You agree to cooperate fully with any investigations by providing requested information and documentation in a timely manner. Failure to cooperate may result in account suspension or termination.

10. Consequences of Violations

Violations of this Policy may result in one or more of the following actions, depending on the severity and nature of the violation:

• Warning: For minor or first-time violations, we may issue a formal warning requiring you to cease the prohibited activity
• Transaction Decline: Specific transactions may be declined if they violate policy rules
• Card Suspension: Individual cards may be temporarily or permanently suspended
• Account Restriction: Your account may be restricted to limit certain activities or require additional approvals
• Account Suspension: Your entire account may be suspended pending investigation or resolution
• Account Termination: Your account may be permanently closed for serious or repeated violations
• Legal Action: We may pursue legal remedies, including recovery of losses and reporting to law enforcement
• Regulatory Reporting: We may be required to report violations to regulators, including the FCA and law enforcement agencies

11. Updates to This Policy

We may update this Acceptable Use Policy from time to time to reflect changes in our Services, legal requirements, industry best practices, or card network rules. We will notify you of material changes by:

• Posting the updated policy on our website with a new effective date
• Sending an email notification to Account Holders
• Displaying a notice within the Vydapay platform

Your continued use of our Services after changes take effect constitutes acceptance of the updated Policy. If you do not agree with the changes, you may close your account before the changes take effect.

12. Contact Information

If you have questions about this Policy or need to report a potential violation, please contact us:

Compliance Team
Vydapy Ltd
100 Lots Rd
London, SW10 0QJ
United Kingdom

Email: compliance@vydapay.com
Phone: +44 151 263 0173

For urgent issues involving suspected fraud or security breaches, please call our 24/7 security hotline.