Legal

Acceptable Use Policy

Last updated 25 June 2026

Working draft (Version 0.4, template) — published for transparency; an Indian practitioner reviews and adapts the exact text before a paying customer signs.

This Acceptable Use Policy ("AUP") supplements the Terms of Service and lists the behaviours we prohibit on the Service. Violations may result in suspension or termination without prior notice and may be reported to law enforcement under the Information Technology Act, 2000, the Bharatiya Nyaya Sanhita, 2023, and the Prevention of Money Laundering Act, 2002.

1. Photo capture integrity

You may not:

  • Upload photographs that were not captured at the property identified by the loan record.
  • Submit a photograph you obtained from the internet, a third-party site visit, a marketing brochure, or another loan.
  • Modify EXIF GPS or timestamp metadata in any image you submit.
  • Spoof or proxy your device GPS while capturing.
  • Re-use a captured photograph for more than one verification.
  • Submit on behalf of someone else without their explicit instruction.

2. Verification workflow

You may not:

  • Attempt to bypass any of the five capture-time security layers (GPS gate, EXIF check, freshness window, perceptual hash, HMAC nonce).
  • Submit photographs designed to deceive the AI model (adversarial inputs).
  • Reverse engineer, scrape, or measure the AI's decision boundary without our written permission.
  • Stand in for a real site engineer or chartered accountant role required by the Real Estate (Regulation and Development) Act, 2016 — the Service supplements but does not replace statutory certifications.

3. Operator and admin conduct

If you are an operator or administrator of a Customer Institution, you may not:

  • Approve a disbursement based solely on the AI verdict — every decision must reflect your independent judgement.
  • Share your credentials with anyone, including your colleagues.
  • Alter, suppress, or tamper with audit log content.
  • Use the Service to view loans belonging to a different organisation.
  • Process personal data outside the documented purposes in your Customer Institution's DPA.

4. Platform security

You may not:

  • Probe, scan, or test the vulnerability of any system or network without our written permission. We welcome responsible disclosure — see Section 9.
  • Send malware, viruses, ransomware, or any other malicious code to the Service.
  • Attempt to gain unauthorised access to any account, computer system, or network connected to the Service.
  • Use any bot, scraper, or automation that exceeds documented API rate limits.
  • Forge HTTP headers, IP addresses, or any other identifier when interacting with the Service.

5. Lawful purpose

You may not use the Service to:

  • Defraud any person.
  • Launder the proceeds of crime or finance terrorism (offences under the Prevention of Money Laundering Act, 2002 and the Unlawful Activities (Prevention) Act, 1967).
  • Violate the Foreign Exchange Management Act, 1999.
  • Impersonate any other person or entity, including a regulator or officer.
  • Distribute, publish, or transmit content that is obscene, defamatory, or unlawful under Section 67–67A of the IT Act.

6. Intellectual property

You may not:

  • Upload content that infringes the copyright, trademark, design, or other intellectual property right of any third party.
  • Remove or obscure attribution, watermarks, or other proprietary notices on our Service.
  • Use our trademarks (including "StageBridge", the brand mark) in advertising, public statements, or product names without our written permission.

7. Reasonable behaviour

  • Treat support staff and other users with respect.
  • Use only one account per natural person.
  • Keep your contact details up to date.
  • Report a suspected breach to grievance@stagebridge.in promptly.

8. Enforcement

We may, on a single instance or pattern of conduct, (a) issue a warning; (b) restrict specific features for the offending user; (c) suspend the account; (d) terminate the account; (e) refer the matter to the Customer Institution; or (f) report the matter to law enforcement. We log enforcement decisions in the audit trail.

9. Responsible disclosure

If you find a vulnerability, write to security@stagebridge.in with a description and a proof of concept. Do not attempt to access production data beyond what is necessary to demonstrate the issue. We will respond within 5 business days, fix verified issues promptly, and credit the reporter publicly on request.