Acceptable Use Policy

1. Prohibited Activities

When using SatsRail, you agree not to engage in, facilitate, or support any of the following activities. This list is illustrative and not exhaustive. SatsRail reserves the right to determine, in its sole discretion, whether any activity violates this policy.

1.1 Illegal Activities

Any activity that violates applicable local, state, federal, or international law, including but not limited to:

• Sale or distribution of illegal drugs, controlled substances, or drug paraphernalia
• Human trafficking, exploitation, or forced labor
• Sale, distribution, or manufacture of illegal weapons, explosives, or ammunition
• Child sexual abuse material (CSAM) or exploitation of minors in any form
• Ransomware deployment, extortion, or facilitating ransomware payments
• Fraud, phishing, identity theft, or social engineering schemes
• Counterfeiting, forgery, or production of fraudulent documents
• Illegal gambling operations (in jurisdictions where prohibited)
• Any activity conducted through or in connection with darknet marketplaces

1.2 Financial Crimes

• Money laundering or structuring transactions to evade reporting requirements
• Terrorist financing or providing material support to designated terrorist organizations
• Evasion of economic sanctions imposed by OFAC, the European Union, the United Nations, or any other applicable sanctions authority
• Operating an unlicensed money transmitter or money services business
• Tax evasion or facilitating tax evasion
• Ponzi schemes, pyramid schemes, or fraudulent investment schemes
• Market manipulation or insider trading
• Processing payments known or reasonably suspected to be derived from criminal activity

1.3 Cryptocurrency-Specific Prohibited Activities

• Using SatsRail in connection with cryptocurrency mixing, tumbling, or laundering services designed to obscure the origin or destination of funds
• Processing payments for or on behalf of persons or entities on the OFAC Specially Designated Nationals (SDN) list or any other applicable sanctions list
• Processing payments involving persons or entities located in comprehensively sanctioned jurisdictions, including Cuba, Iran, North Korea, Russia, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine
• Operating or facilitating darknet marketplaces or anonymous illegal commerce platforms
• Facilitating ransomware payments or acting as an intermediary for ransom demands
• Using the Service to evade or circumvent blockchain analytics, transaction monitoring, or law enforcement surveillance
• Processing proceeds of cryptocurrency theft, hacking, protocol exploits, or bridge exploits
• Operating unregistered cryptocurrency exchanges or conducting unlicensed money transmission through the Service
• Engaging in wash trading, spoofing, or other manipulative trading practices using the Service

1.4 Harmful Content and Activities

• Sale or distribution of weapons of mass destruction or their components
• Products or services that promote violence, hatred, or discrimination against any individual or group
• Harassment, stalking, doxxing, or threats of harm
• Non-consensual intimate images or revenge pornography
• Sale or distribution of stolen goods, stolen data, or compromised credentials
• Infringement of intellectual property rights, including counterfeit goods and pirated content
• Deceptive business practices, misleading advertising, or bait-and-switch schemes

1.5 Platform Abuse

• Creating accounts under false identities or providing materially false or misleading information
• Using the Service on behalf of a third party without full disclosure to SatsRail
• Reselling, sublicensing, or providing unauthorized access to the Service
• Creating multiple accounts to circumvent subscription plan limits, rate limits, or enforcement actions
• Circumventing or attempting to circumvent rate limits, access controls, security measures, or other technical restrictions
• Interfering with or disrupting the Service, its infrastructure, or other users' use of the Service

2. Bitcoin and Lightning Network Compliance

2.1 Regulatory Compliance Obligations

You are solely responsible for:

• Determining and complying with all regulatory requirements applicable to your business and your use of cryptocurrency in your jurisdiction
• Obtaining and maintaining all licenses, permits, and registrations required for your business operations and for accepting cryptocurrency payments
• Implementing Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures to the extent required by applicable law
• Complying with all applicable sanctions regimes, including OFAC, EU, and UN sanctions
• Complying with all applicable tax reporting requirements, including IRS reporting obligations (e.g., Form 1099-K) where applicable
• Not processing transactions that you know or reasonably suspect involve illegal activity
• Maintaining records sufficient to demonstrate compliance with all applicable legal and regulatory requirements

2.2 Sanctions Compliance

You must:

• Screen your customers and transaction counterparties against applicable sanctions lists to the extent required by law
• Not process payments involving persons, entities, or jurisdictions subject to comprehensive sanctions
• Immediately notify SatsRail at compliance@satsrail.com if you become aware or reasonably suspect that any transaction processed through the Service may involve sanctioned parties or sanctioned jurisdictions
• Maintain and follow an internal sanctions compliance program proportionate to the risk profile of your business

3. API Usage

3.1 Authorized Use

• API access is granted solely for integration with your authorized business operations as permitted by this Agreement
• You must use API keys only for their intended purpose: secret keys (sk_live_...) for server-side operations only, publishable keys (pk_live_...) for client-side payment widget integration only
• You must keep all API keys and tokens secure, confidential, and protected from unauthorized access

3.2 Prohibited API Activities

• Sharing, publishing, embedding in client-side code, or otherwise exposing secret API keys
• Exceeding published rate limits or attempting to circumvent rate limiting mechanisms
• Automated scraping, crawling, or data extraction beyond normal API usage patterns
• Attempting to access other merchants' data, accounts, or resources
• Reverse engineering, decompiling, or attempting to discover the source code of the API
• Using the API to build a competing product or service
• Sending malicious payloads or attempting injection attacks (SQL injection, XSS, CSRF, or similar)
• Using the API from IP addresses in comprehensively sanctioned jurisdictions
• Automated creation of accounts or API keys

3.3 Security Requirements

• You must implement HTTPS/TLS for all webhook endpoint URLs
• You must validate HMAC signatures on all incoming webhook deliveries
• You must rotate API keys immediately if you suspect they have been compromised, and notify SatsRail at compliance@satsrail.com
• You are responsible for the security of your integration and all activity conducted under your API keys, regardless of whether such activity was authorized by you

4. Reporting Obligations

4.1 Merchant Reporting

You must promptly report the following to SatsRail:

• Any suspected unauthorized access to your account, API keys, or tokens — report to compliance@satsrail.com
• Any transaction you know or reasonably suspect involves illegal activity, sanctioned parties, or any Prohibited Activity — report to compliance@satsrail.com
• Any material change in your business that may affect your regulatory status, licensing, or eligibility to use the Service
• Any law enforcement inquiry, subpoena, or legal process related to your use of the Service
• Any data breach affecting information processed through or in connection with the Service

4.2 SatsRail Reporting

SatsRail may report suspected illegal activity to law enforcement agencies, regulatory authorities, financial intelligence units, or other governmental bodies as required by law or as SatsRail deems appropriate in its sole discretion. SatsRail is not required to notify you before or after making such reports and shall not be liable for any consequences arising from such reporting.

5. Enforcement

5.1 Tier 1 — Warning

For minor or first-time violations of non-critical provisions (e.g., inadvertent rate limit violations, minor API misuse), SatsRail may issue a written warning via email. You must remedy the violation within the timeframe specified in the warning.

5.2 Tier 2 — Temporary Suspension

For repeated violations, failure to remedy a Tier 1 warning within the specified timeframe, or moderately serious violations, SatsRail may temporarily suspend your account and revoke API keys for a specified period. Suspended accounts may not create new API keys or process payments during the suspension period.

5.3 Tier 3 — Immediate Account Locking and API Revocation

5.4 Tier 4 — Permanent Termination

For the most serious violations, SatsRail may permanently terminate your account with no possibility of reinstatement. All prepaid subscription fees are forfeited. Account data will be retained as required by law and for cooperation with law enforcement. SatsRail may report the violation to relevant authorities.

5.5 Appeals

If your account has been suspended, locked, or terminated, you may submit a written appeal to compliance@satsrail.com within thirty (30) days of the enforcement action. Your appeal must include a detailed explanation and any supporting evidence. SatsRail will review the appeal and respond within fifteen (15) business days. SatsRail's decision on appeals is final and binding. Accounts terminated for illegal activity are generally not eligible for reinstatement.

5.6 No Liability for Enforcement

SatsRail shall not be liable for any loss, damage, cost, or inconvenience arising from enforcement actions taken in good faith under this policy, including lost revenue, lost customers, business interruption, or reputational harm.

6. Cooperation

6.1 Cooperation with SatsRail Investigations

As a condition of using the Service, you agree to cooperate fully and promptly with any SatsRail investigation into suspected violations of this policy. This includes providing information, documents, records, and access reasonably requested by SatsRail. Failure to cooperate with an investigation constitutes an independent violation of this policy and grounds for enforcement action.

6.2 Cooperation with Law Enforcement

You agree to cooperate with law enforcement agencies, regulatory bodies, and governmental authorities in connection with inquiries and legal processes related to your use of the Service, to the extent required by applicable law.

7. Changes to This Policy

SatsRail may update this Acceptable Use Policy at any time. For material changes, SatsRail will provide at least fifteen (15) days' prior notice via email to the address associated with your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the modified policy.

8. Contact Us

If you have questions about this Acceptable Use Policy:

• Compliance: compliance@satsrail.com