Acceptable Use Policy

This AUP sets out the rules and restrictions governing your use of Glasshouse's Services, including the web application, APIs, command-line tools, and all data accessed through these channels. It applies to all users, including individual account holders, authorised users under organisational accounts, and any third parties who access the Services on your behalf.

Glasshouse may update this AUP from time to time. The current version will always be available at /legal/acceptable-use. Your continued use of the Services after any changes constitutes acceptance of the updated AUP.

In the event of a conflict between this AUP and the Terms of Service, the Terms of Service shall prevail unless this AUP expressly states otherwise.

You may use the Services for lawful business purposes, including but not limited to: conducting due diligence on corporate entities; performing know-your-customer (KYC) and anti-money laundering (AML) checks; assessing counterparty and supply chain risk; researching corporate structures and beneficial ownership; analysing relationships between entities using graph analysis tools; and monitoring entities for regulatory compliance purposes.

You may access and use data provided through the Services in accordance with your subscription plan, including exporting search results and reports for your internal business records, integrating Glasshouse data into your own compliance workflows via the API, and sharing outputs with authorised personnel within your organisation.

All use of the Services must be carried out by authorised users who have been properly authenticated. You are responsible for ensuring that all authorised users are aware of and comply with this AUP.

Use the Services to stalk, harass, threaten, intimidate, or discriminate against any individual or group. This includes using entity data, corporate officer information, or address data to locate, contact, or target individuals for purposes unrelated to legitimate business activities.

Use the Services to facilitate fraud, financial crime, money laundering, terrorist financing, sanctions evasion, bribery, corruption, or any other criminal activity.

Scrape, crawl, or systematically extract data from the Services beyond the scope permitted by your subscription plan and the API Terms. Automated access must be conducted exclusively through Glasshouse's official APIs in compliance with applicable rate limits.

Attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code, algorithms, or data models underlying the Services, including Glasshouse's entity resolution logic, risk scoring methodology, or graph analysis algorithms.

Resell, redistribute, sublicence, or otherwise make data obtained through the Services available to third parties, except as expressly permitted by your subscription plan or a separate written agreement with Glasshouse.

Use the Services in a manner that disrupts, degrades, or impairs the functionality, performance, or availability of the Services for other users, including through excessive API calls, denial-of-service attacks, or the introduction of malware or malicious code.

Create false, misleading, or deceptive accounts, including accounts registered using fictitious identities or credentials belonging to another person or entity without authorisation.

Use the Services to build, train, or improve a competing product or service, including any corporate intelligence, entity resolution, or data enrichment platform.

Data obtained through the Services, including corporate filings, officer data, beneficial ownership information, and risk scores, may only be used for the purposes permitted by your subscription plan and applicable law. You must not use such data in any way that violates the UK Data Protection Act 2018, UK GDPR, or any other applicable data protection legislation.

You must not aggregate, combine, or enrich data obtained from the Services with other datasets for the purpose of creating a competing database or data product, or for any purpose that would constitute a substantial extraction or re-utilisation of the contents of any database protected under the Copyright and Rights in Databases Regulations 1997.

Where the Services provide access to data sourced from Companies House or other public registries, you must comply with the applicable terms and conditions of those registries, including the Companies House Terms of Use and the Open Government Licence where applicable.

You must not use data obtained from the Services for unsolicited marketing, spam, or direct marketing communications unless you have a lawful basis for such communications under applicable law, including the Privacy and Electronic Communications Regulations 2003.

You must take reasonable measures to protect your account credentials, API keys, and any other authentication tokens from unauthorised access. This includes using strong, unique passwords, enabling multi-factor authentication where available, and storing API keys securely (for example, in environment variables or a secrets management system rather than in source code repositories).

You must not share your account credentials or API keys with unauthorised individuals. Access to the Services must be limited to authorised users as defined in your subscription plan.

You must promptly notify Glasshouse at security@glasshouse.sh if you become aware of any security breach, unauthorised access to your account, or compromise of your API keys.

You must not attempt to probe, test, or exploit vulnerabilities in the Services, including through penetration testing, vulnerability scanning, or other security assessment activities, without prior written authorisation from Glasshouse.

If you become aware of any violation of this AUP by another user, or if you believe that data obtained through the Services is being misused, please report it to abuse@glasshouse.sh. Please include as much detail as possible, including the nature of the violation, the user or account involved, and any supporting evidence.

Glasshouse will investigate all reported violations in a timely manner and will take appropriate action, which may include the measures described in Section 7 below. We will not disclose the identity of the reporter except as required by law or as necessary to resolve the reported issue.

Glasshouse reserves the right to investigate any suspected violation of this AUP. During an investigation, Glasshouse may suspend your access to the Services as a precautionary measure.

If Glasshouse determines that you have violated this AUP, we may, at our sole discretion and without limiting any other remedies available to us: (a) issue a written warning; (b) temporarily suspend your access to the Services; (c) permanently terminate your account; (d) remove or disable access to any content or data that violates this AUP; (e) report the violation to relevant law enforcement or regulatory authorities; or (f) take legal action to enforce our rights.

Glasshouse's decision to take or refrain from taking enforcement action in any particular case does not constitute a waiver of our right to enforce this AUP in future cases or against other users.

You acknowledge that violations of this AUP may cause irreparable harm to Glasshouse, its users, and third parties, and that Glasshouse may seek injunctive or other equitable relief in addition to any other remedies available at law or in equity.

Glasshouse reserves the right to modify this AUP at any time. We will post the updated AUP on our website and update the "Last Updated" date at the top of this page. Where material changes are made, we will make reasonable efforts to notify you via email or through the Services.

Your continued use of the Services following any changes to this AUP constitutes your acceptance of the updated policy. If you do not agree with the changes, you must discontinue your use of the Services.

If you have any questions about this Acceptable Use Policy, please contact us at legal@glasshouse.sh.