Acceptable Use Policy (AUP)
This Acceptable Use Policy ("Policy") sets out the acceptable and prohibited use of the duely platform. All Authorised Users representing a Subscriber (Firm) must comply with this Policy. By accessing duely, you agree to follow these rules.
1. Fundamental Prohibited Conduct
You must NOT use duely to:
- facilitate, conceal, or aid money laundering, terrorist financing, fraud, or any other criminal or illicit activity;
- store, upload, or transmit illegal, offensive, or grossly inappropriate content unrelated to legitimate compliance needs of the Firm; or
- knowingly input false, deceptive, or misleading information into verification workflows or screening tools.
2. Integrity of Evidence and Data
Users must NOT:
- deliberately falsify, tamper with, or manipulate verification records, identity documents, risk ratings, or screening results; or
- attempt to alter or delete system-generated audit logs or Evidence Packs.
3. Account Sharing and Access
Security and attribution of actions matter in AML systems.
- Individual credentials. duely operates a "one account per individual user" policy. Login credentials must not be shared with personnel, contractors, or external parties.
- Role limits. Users must not attempt to exploit vulnerabilities to exceed their authorised Role-Based Access Control (RBAC) permissions.
4. Tipping-Off and Circumvention
Section 123 of the AML/CTF Act 2006 (Cth) ("Tipping Off") imposes criminal penalties for disclosing the existence of a Suspicious Matter Report (SMR) or related regulatory investigations. Users must NOT:
- attempt to circumvent platform controls designed to restrict access to SMR data;
- export, copy, or screenshot restricted SMR data to share with unauthorised parties, inside or outside the Firm; or
- use the platform's communication features (if any) to disclose SMR-related information to the subject of the suspicion.
5. Security Violations
Users must NOT:
- probe, scan, or test the vulnerability of the duely system or network without express written permission (for example, sanctioned penetration testing);
- attempt to introduce viruses, trojans, worms, logic bombs, or other malicious material to the platform; or
- engage in denial-of-service (DoS) attacks against the platform.
Note: Security researchers participating in duely's Vulnerability Disclosure Program (VDP), as described on our Security and Trust page, are exempt from this restriction when conducting responsible disclosure in accordance with VDP guidelines.
6. Consequences of Violation
A violation of this Acceptable Use Policy is a material breach of the Master Subscription Agreement. duely may:
- immediately suspend or terminate the relevant user account;
- immediately suspend or terminate the Firm's subscription; and
- report any suspected criminal activity, deliberate falsification of compliance records, or terrorism financing facilitation to the relevant law enforcement or regulatory authorities (including AUSTRAC, AFP, or state police) as legally required or permitted.
7. Governing Law
This Acceptable Use Policy is governed by the laws of New South Wales, Australia.