Acceptable Use Policy

This Acceptable Use Policy (the “AUP”) sets out conduct that is required and conduct that is prohibited when using the Fiskl Platforms. It is incorporated by reference into the Customer Terms of Service, the User Terms of Service, the Atlas Terms Supplement, and any Order Form. Compliance with this AUP is a condition of access to the Fiskl Platforms.

Defined terms in the Customer Terms of Service apply here unless otherwise stated. Where this AUP is read by a User of an Atlas Firm or a Customer’s Authorized User, references to “you” mean the natural person using the Fiskl Platforms and, where applicable, the Customer or Atlas Firm responsible for that person’s access.

Fiskl may update this AUP from time to time on the basis set out in section 11 of the Customer Terms of Service.

1. Purpose

The AUP exists to protect Fiskl, our customers, our partners, our Authorized Users, and the natural persons whose data flows through the Fiskl Platforms. Fiskl is a financial platform: misuse can cause direct financial harm to third parties, breach criminal and regulatory law, and damage the integrity of the Fiskl Platforms. We enforce this policy strictly.

2. You must

When using the Fiskl Platforms, you must:

• comply with all laws and regulations applicable to your activity, including data protection, financial reporting, tax, anti-money-laundering, sanctions, anti-bribery, consumer-protection, and intellectual property law;
• provide accurate and complete information when registering, billing, and operating your Account, and keep that information current;
• only submit Customer Data that you have the right to submit, that does not infringe third-party rights, and that you can lawfully process;
• only record genuine, verifiable financial events that have actually occurred or that are bona-fide planned (such as a draft invoice for a real proposed transaction);
• maintain reasonable security over your Account credentials, including using strong passwords, enabling multi-factor authentication where available, and notifying Fiskl promptly of any suspected unauthorised access;
• ensure that your Authorized Users comply with this AUP and the User Terms of Service, and exercise reasonable supervision over their use of the Fiskl Platforms;
• comply with the rate limits, fair-use thresholds, and technical requirements published by Fiskl from time to time;
• cooperate with Fiskl in good faith on security investigations, fraud investigations, and inquiries from banking partners, payment processors, AI Providers, regulators, and law enforcement, where Fiskl is required or reasonably entitled to investigate or respond.

3. You must not — financial integrity

You must not use the Fiskl Platforms to:

• issue, send, record, or generate fake, fictitious, false, sham, or fraudulent invoices, quotes, receipts, expenses, transactions, journal entries, payments, or other financial records;
• record financial activity that did not actually occur or that is materially mischaracterised;
• facilitate, conceal, or disguise money laundering, terrorist financing, sanctions evasion, tax evasion, VAT fraud (including missing-trader and carousel fraud), invoice fraud, identity fraud, synthetic-identity fraud, or any other financial crime;
• misrepresent your or any third party’s financial position to lenders, investors, insurers, banks, regulators, tax authorities, professional advisers, customers, vendors, employees, or any other party — including by inflating revenue, suppressing liabilities, fabricating receivables, generating misleading reports, or backdating transactions;
• initiate Bad-Faith Chargebacks (as defined in section 5.9 of the Customer Terms of Service) — including disputing a charge after substantive use of the Fiskl Platforms, after a free or promotional period, or to avoid payment for benefit already received — or manipulate payment-processor disputes;
• manipulate, falsify, or interfere with banking integration data, including by tampering with imported transactions, fabricating bank feed entries, or misrepresenting the source of funds;
• use the Fiskl Platforms to launder content for fraudulent purposes, including by generating documentation to support a fraudulent narrative;
• use the Fiskl Platforms in connection with any business activity that is itself unlawful in your or your client’s jurisdiction.

The activities in this section 3 are material breaches of the Contract regardless of whether they also constitute a criminal or regulatory offence. Fiskl may suspend or terminate access immediately on detection or on reasonable suspicion, and may report to law enforcement, tax authorities, banking partners, and other appropriate parties as set out in section 12.5A of the Customer Terms of Service.

4. You must not — sanctions, restricted parties, and prohibited regions

You must not:

• use the Fiskl Platforms if you are, or if a controlling party of your business is, a person or entity subject to UK, EU, US, or UN sanctions, including persons listed on the UK Sanctions List, the EU Consolidated Sanctions List, the US OFAC SDN list, or equivalent;
• use the Fiskl Platforms to provide goods, services, or financial benefit to a sanctioned person or sanctioned regime;
• export or re-export the Fiskl Platforms to a destination prohibited by export-control law;
• access the Fiskl Platforms from a region in which use is prohibited by law applicable to Fiskl or by Fiskl’s published terms.

5. You must not — security and integrity of the Fiskl Platforms

You must not:

• attempt to gain unauthorised access to the Fiskl Platforms, to other customers’ Accounts, to Fiskl’s infrastructure, or to any third-party system through the Fiskl Platforms;
• circumvent any access control, rate limit, throttling, audit logging, security feature, or technical protection measure;
• probe, scan, or test the vulnerability of the Fiskl Platforms except under a published responsible disclosure or bug bounty programme;
• introduce viruses, worms, malware, ransomware, logic bombs, time bombs, backdoors, or any other harmful code into the Fiskl Platforms;
• initiate or participate in denial-of-service attacks, distributed denial-of-service attacks, or excessive automated traffic against the Fiskl Platforms;
• reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code, architecture, or models underlying the Fiskl Platforms, except to the extent permitted by mandatory law;
• crawl, scrape, or harvest data from the Fiskl Platforms except through authorised APIs, within published rate limits, and in accordance with the terms governing API use;
• mass-create accounts, use disposable email addresses for account creation, or evade Fiskl’s account-creation controls;
• circumvent or interfere with billing, metering, or usage tracking.

6. You must not — Fi and AI features

When using Fi (Fiskl’s conversational AI and orchestration system) or any other AI feature in the Fiskl Platforms, you must not:

• attempt prompt injection, jailbreaking, or other techniques to bypass Fi’s safety controls or to cause Fi to operate outside its intended scope;
• attempt to extract, reconstruct, or infer other customers’ Customer Data, Personal Data of other customers’ data subjects, or confidential information of Fiskl through Fi or other AI features;
• attempt to extract or reconstruct Fiskl’s prompts, system instructions, model weights, training data, or other proprietary AI assets through Fi or other AI features;
• rely on Fi outputs as legal, tax, audit, or professional accounting advice, or otherwise treat Fi outputs as authoritative without independent verification;
• use Fi to generate content that is unlawful, deceptive, defamatory, harassing, infringing, or harmful;
• automate Fi interactions in a way that exceeds published rate limits or that constitutes abusive load on the system;
• submit Customer Data to Fi that you do not have the right to submit, or that includes Special Categories of Personal Data without complying with section 5 of the DPA.

If you discover a vulnerability, exploit, or unintended behaviour in Fi, please report it through Fiskl’s responsible disclosure channel at security@fiskl.com.

7. You must not — content and conduct

You must not use the Fiskl Platforms to:

• transmit or store unlawful, infringing, defamatory, harassing, threatening, hateful, fraudulent, or otherwise harmful content;
• violate any person’s privacy, including by submitting Customer Data without a lawful basis, by harvesting personal data, or by tracking individuals without consent where consent is required;
• infringe any patent, trademark, copyright, database right, trade secret, or other intellectual property right;
• impersonate any person or entity, or misrepresent your affiliation with any person or entity;
• send unsolicited bulk communications (spam) through the Fiskl Platforms or via Service-generated emails (such as invoice or quote emails);
• target minors or use the Fiskl Platforms in ways that would harm a person who is or appears to be under 16;
• engage in mass automated communications prohibited by applicable communications law (for example, the UK PECR, EU ePrivacy, US TCPA / CAN-SPAM, equivalents).

8. You must not — competitive and commercial misuse

You must not:

• access the Fiskl Platforms to build a competing product or service, to copy or reverse-engineer Fiskl’s features, designs, models, or workflows, or for the benefit of any direct competitor of Fiskl;
• use the Fiskl Platforms for the benefit of, or to provide services to, a Patent Assertion Entity (defined in the Customer-Specific Supplement);
• sublicense, resell, redistribute, or otherwise commercially exploit the Fiskl Platforms to third parties except as expressly permitted (for example, an Atlas Firm providing services to its clients through Atlas);
• misuse Fiskl’s trademarks, logos, brand names, or marketing assets, including by registering similar domain names, by setting up unauthorised co-branded pages, or by misrepresenting your status as a Fiskl partner;
• misuse the Partner Program, the Ambassador Program, or any referral system, including by self-referring, using fake accounts to claim commissions, or fabricating referral conversions.

9. Atlas Firm-specific obligations

If you are an Atlas Firm or an Atlas Firm User, in addition to the rest of this AUP you must:

• use Atlas only in compliance with the rules of your professional regulator and the laws applicable to your practice (including AML/KYC obligations applicable to accountants where relevant in your jurisdiction);
• comply with your professional confidentiality obligations to your clients, including in your use of Customer Data of Atlas-managed Customers and in your interactions with Fi about your clients’ affairs;
• not use Atlas Firm access to a client’s Account for purposes outside the scope of your professional engagement with that client;
• not transfer or grant access to Atlas Firm User accounts to any person who is not authorised by your firm under section 4 of the Atlas Terms Supplement.

10. Fair use and rate limits

Fiskl applies fair-use thresholds and rate limits to protect the Fiskl Platforms for all customers. Current limits are published at [https://fiskl.com/legal/fair-use/] (to be confirmed and published by Fiskl engineering before publication of this AUP), and may include limits on:

• API calls per minute and per day;
• Fi AI queries and tokens per Subscription tier and per day;
• Bulk creation operations (invoices, quotes, contacts, products, transactions);
• Bulk import operations and file size;
• Document storage and attachment storage;
• Outbound emails generated by the Fiskl Platforms (invoice, reminder, quote, recurring);
• Authentication and login attempts.

Fiskl may modify these limits to address abuse, capacity issues, or product changes. Where reasonably possible, customers will be notified in advance of material reductions to fair-use thresholds.

11. Reporting and responsible disclosure

If you become aware of conduct in violation of this AUP, of a security vulnerability in the Fiskl Platforms, or of suspected misuse:

Issue	Email
Security vulnerabilities and responsible disclosure	security@fiskl.com
Suspected fraud or AUP misuse by another customer	abuse@fiskl.com
Privacy or data protection concerns	dpo@fiskl.com
General trust and security questions	trust@fiskl.com

Fiskl will treat reports confidentially to the extent permitted by law. We do not retaliate against good-faith reporters.

12. Enforcement

Fiskl may, in response to a breach or suspected breach of this AUP:

• issue a warning;
• require corrective action within a stated period;
• suspend access to the Fiskl Platforms in whole or in part, with or without prior notice, in accordance with section 12.5 of the Customer Terms of Service;
• terminate the Contract for cause in accordance with section 12.3 of the Customer Terms of Service;
• report to law enforcement, regulators, tax authorities, banking partners, payment processors, AI Providers, and other appropriate parties, in accordance with section 12.5A of the Customer Terms of Service;
• cooperate with civil or criminal proceedings against the offending party;
• recover from the offending party the reasonable costs of investigation and remediation, where permitted by law.

The remedies in this section are cumulative and in addition to all other rights available to Fiskl at law or in equity.

13. Atlas Firm responsibility for its Users

Where an Atlas Firm User breaches this AUP, the relevant Atlas Firm is responsible for the breach to the same extent as if the breach had been committed by the Atlas Firm directly. The Atlas Firm must take reasonable steps to ensure its Atlas Firm Users comply with this AUP, including through training, monitoring, and prompt action on suspected misuse.

14. Customer responsibility for Authorized Users

Where an Authorized User of a Customer breaches this AUP, the Customer is responsible for the breach to the same extent as if the breach had been committed by the Customer directly.

15. Contact

Topic	Email
AUP questions	legal@fiskl.com
Security vulnerabilities	security@fiskl.com
Suspected abuse by another customer	abuse@fiskl.com
Data protection	dpo@fiskl.com
General support	support@fiskl.com

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 09330290

Effective: 15 March 2026