Acceptable Use Policy

Effective Date: February 27, 2026  ·  Last Updated: May 31, 2026  ·  VerifiedFlow Technologies Ltd

Introduction

This Acceptable Use Policy ("AUP") governs all use of the VerifiedFlow API platform, dashboard, and related services ("Service") provided by VerifiedFlow Technologies Ltd, a company incorporated under the laws of the Federal Republic of Nigeria ("VerifiedFlow," "we," "us," or "our").

By accessing or using the Service, you ("Customer," "you," or "your") represent that you have read, understood, and agree to be legally bound by this AUP. If you are using the Service on behalf of a business or organisation, you represent that you have authority to bind that entity to this AUP.

This AUP is incorporated into and forms part of the VerifiedFlow Terms of Service.

1. Permitted Uses

The Service is designed exclusively for legitimate, lawful OTP-based verification purposes including but not limited to:

• User account creation and login authentication
• Two-factor authentication (2FA) and multi-factor authentication (MFA)
• Phone number and email address verification
• Transaction authorisation and confirmation
• Password reset and account recovery
• Identity verification for regulated industries
• Employee onboarding verification
• Age verification for age-restricted platforms
• Consent verification for regulated communications

All permitted uses remain subject to full compliance with applicable law. Inclusion in this list does not exempt any use case from legal, regulatory, or ethical obligations.

2. Prohibited Uses

You may not use the Service, directly or indirectly, for any of the following purposes:

2.1 Illegal and Criminal Activities

• Facilitating, enabling, supporting, or concealing any activity that constitutes an offence under Nigerian law including the Cybercrimes (Prohibition, Prevention, etc.) Act 2015, the Economic and Financial Crimes Commission (Establishment) Act, the Money Laundering (Prevention and Prohibition) Act 2022, or any applicable international law
• Supporting, processing, or concealing money laundering, terrorist financing, fraud, or any financial crime
• Enabling identity theft, credential theft, account takeover, or impersonation of any individual or entity
• Facilitating SIM swap fraud, social engineering attacks, or phishing schemes
• Verifying stolen, fraudulently obtained, or non-consenting phone numbers or email addresses
• Operating or supporting any platform or service that is itself engaged in prohibited activity
• Conducting or facilitating any activity that violates sanctions imposed by Nigeria, the United Nations, the United States Office of Foreign Assets Control (OFAC), or the European Union

2.2 Harmful and Abusive Communications

• Sending OTPs to individuals who have not explicitly consented to receive them
• OTP bombing — sending repeated or excessive OTP requests to a single recipient for the purpose of harassment, annoyance, or denial of service
• Sending threatening, harassing, abusive, defamatory, or discriminatory messages
• Transmitting unsolicited commercial, promotional, or marketing communications
• Conducting or facilitating phishing, vishing, smishing, or any social engineering attack
• Distributing malware, ransomware, spyware, or any malicious code or content
• Impersonating VerifiedFlow, its employees, or any other person or entity

2.3 Data and Privacy Violations

• Processing personal data in violation of the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, or any applicable data protection law
• Collecting, storing, or processing the personal data of children under the age of 18 without verifiable parental or guardian consent
• Using phone numbers or email addresses obtained through illegal means, data breaches, unauthorised scraping, or purchased lists without explicit consent
• Failing to maintain verifiable records of end-user consent for OTP communications
• Transferring personal data to jurisdictions without adequate data protection safeguards without appropriate legal mechanisms

2.4 Platform and Infrastructure Abuse

• Attempting to bypass, circumvent, or manipulate monthly OTP limits, rate limits, or usage quotas by any means including creating multiple accounts
• Sharing, selling, leasing, sublicensing, or otherwise transferring API keys to any third party without written consent from VerifiedFlow
• White-labelling or reselling the Service as your own product without a written reseller agreement with VerifiedFlow
• Reverse engineering, decompiling, disassembling, or probing the VerifiedFlow infrastructure, source code, or systems
• Conducting load testing, stress testing, penetration testing, or security scanning of VerifiedFlow systems without prior written authorisation
• Using automated scripts, bots, or tools to enumerate valid phone numbers, email addresses, or other personal data through the Service
• Interfering with, disrupting, or degrading the integrity, performance, or availability of the Service
• Attempting unauthorised access to any VerifiedFlow system, account, or data
• Using the Service to facilitate credential stuffing, brute force attacks, or any automated attack against third-party systems

3. Customer Warranties and Representations

By using the Service, you expressly warrant and represent that:

• You are legally authorised to operate your business or application in all jurisdictions where you use the Service
• Your use of the Service complies with all applicable laws, regulations, and industry standards in your jurisdiction and in the jurisdictions of your end users
• All end users to whom you send OTP communications have explicitly consented to receive such communications through your platform
• You maintain verifiable records of end-user consent that can be produced upon request by VerifiedFlow or any competent authority
• You have implemented reasonable security measures to protect your API keys and prevent unauthorised use of your account
• You will promptly notify VerifiedFlow at legal@verifiedflow.dev if you become aware of any unauthorised use of your API key or any security breach affecting your account

4. Customer Obligations

4.1 KYC Compliance

Where your use case involves regulated activities, you are solely responsible for implementing appropriate Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures for your own end users. VerifiedFlow provides OTP delivery infrastructure only and does not perform KYC on your behalf.

4.2 Consent Management

You must obtain, record, and be able to demonstrate explicit consent from all end users before submitting their contact information to the Service.

4.3 Security

You are responsible for securing your API keys. You must immediately rotate your API key and notify VerifiedFlow if you suspect compromise.

4.4 Monitoring

You are responsible for monitoring your own platform for misuse and taking prompt corrective action.

4.5 Compliance Updates

You are responsible for staying current with changes to applicable laws and regulations affecting your use of the Service.

5. VerifiedFlow's Rights

• VerifiedFlow reserves the right, at its sole discretion, to monitor usage patterns and OTP delivery activity for the purpose of detecting abuse, fraud, or violations of this AUP
• VerifiedFlow reserves the right to suspend or terminate any account immediately and without prior notice where it reasonably suspects a violation of this AUP
• VerifiedFlow reserves the right to preserve and disclose any account data, usage logs, or communications to law enforcement, regulatory authorities, or courts of competent jurisdiction when required by law or when VerifiedFlow reasonably believes disclosure is necessary to protect the rights, property, or safety of VerifiedFlow, its customers, or the public
• VerifiedFlow reserves the right to cooperate fully with Nigerian and international law enforcement agencies, including the EFCC, ICPC, NPF, and international counterparts, in any investigation involving the Service

6. Consequences of Violation

Specifically, violations may result in any or all of the following at VerifiedFlow's sole discretion:

• Immediate suspension of your account and API access without notice or refund
• Permanent termination of your account and all associated data
• Preservation of your account data and logs for law enforcement purposes
• Mandatory reporting to relevant Nigerian and international authorities including the EFCC, NDPC, and relevant law enforcement agencies
• Civil legal action for damages, injunctive relief, or any other remedy available under Nigerian law
• Public disclosure of the violation where required by law or where necessary to protect other users

7. Indemnification

You agree to indemnify, defend, and hold harmless VerifiedFlow Technologies Ltd, its directors, officers, employees, agents, and successors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

• Your use or misuse of the Service
• Your violation of this AUP or the Terms of Service
• Your violation of any applicable law or regulation
• Any claim by a third party arising from your use of the Service
• Any unauthorised use of your API key resulting from your failure to maintain adequate security

8. Reporting Abuse

If you become aware of any misuse of the VerifiedFlow Service, please report it immediately.

VerifiedFlow will investigate all reports in good faith and take appropriate action.

9. Amendments

VerifiedFlow reserves the right to amend this AUP at any time. Where changes are material, we will provide at least 14 days' notice via email to your registered address before the changes take effect. Continued use of the Service after the effective date of any amendment constitutes acceptance of the revised AUP.

10. Governing Law

This AUP shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria. Any dispute arising under this AUP shall be subject to the exclusive jurisdiction of the courts of Nigeria.