Acceptable Use Policy

Version 1.0 — DRAFT for review · Effective date: [EFFECTIVE DATE]

⚠ DRAFT — NOT LEGAL ADVICE. Solicitor review required before use. Complete all [bracketed placeholders].

This Acceptable Use Policy ("AUP") forms part of the Terms of Service and applies to all use of the Pariah Platform. Facial recognition is one of the most heavily scrutinised technologies under UK law. Breaching this AUP is a material breach of the Terms and may result in immediate suspension or termination.

1. You must, before processing anyone

1.1 Be the data controller and have a valid lawful basis under UK GDPR Article 6 and a condition under Article 9 for special‑category biometric data (see /legal/legal-basis).

1.2 Complete and maintain a Data Protection Impact Assessment (see /legal/dpia) and, where the DPIA shows high residual risk you cannot mitigate, consult the ICO before going live.

1.3 Provide clear, prominent notice to individuals — including signage at all monitored entrances and areas, and an accessible privacy notice explaining the use of facial recognition, the controller's identity, purposes, retention, and how to exercise rights.

1.4 Restrict enrolment to individuals you may lawfully process, with a documented, proportionate justification for each watchlist/profile entry.

2. You must not

• Use the Platform for any unlawful, discriminatory, or harassing purpose, or in breach of the Equality Act 2010 (e.g. profiling on the basis of protected characteristics).
• Use it for stalking, vigilantism, monitoring of individuals in their private capacity, or any covert surveillance that lacks a lawful basis.
• Enrol or target children or process their data without specific, lawful safeguards.
• Treat a Platform match as conclusive — outputs are probabilistic and must not be the sole basis for any decision producing legal or similarly significant effects on a person (e.g. refusing entry, detaining, reporting) without meaningful human review.
• Share, sell, or pool watchlists/profiles with third parties unlawfully, or combine Platform data with other sources in a way that lacks a lawful basis.
• Use the Platform to make automated decisions in breach of UK GDPR Article 22.
• Attempt to identify individuals outside the lawful security purpose for which you deployed the Platform.
• Circumvent Subscription limits, probe or attack the Platform's security, or use it to build a competing service.

3. Accuracy, fairness, and human oversight

You are responsible for the accuracy of profile data, for keeping watchlists current and proportionate, for promptly processing erasure and other rights requests (including for individuals on a watchlist), and for ensuring trained humans review and act on outputs fairly.

4. Security of your account

Keep credentials secure, assign roles on a least‑privilege basis, and remove access promptly when Authorised Users leave. You are responsible for activity under your account.

5. Enforcement

We may investigate suspected breaches and may suspend or terminate access where we reasonably believe use is unlawful, unsafe, or in breach of this AUP, including to comply with our own legal obligations. We may report unlawful activity to authorities where required.

AUP queries: legal@pariah.dev