Acceptable Use Policy

1. Scope

This Acceptable Use Policy applies to all ATM accounts, apps, checkouts, products, subscriptions, tickets, webhooks, APIs, public records, payment flows, and dashboard activity.

If a payment is processed by Stripe or another processor, the processor's prohibited and restricted business rules also apply. ATM may reject, suspend, refund, remove, or block activity that a processor, bank, card network, law, or ATM policy does not support.

2. Illegal, unsafe, or abusive activity

You may not use ATM for illegal activity, fraud, stolen payment methods, sanctions evasion, money laundering, terrorist financing, tax evasion, deceptive commerce, impersonation, account takeover, spam, malware, unauthorized access, phishing, harassment, exploitation, or activity that creates unreasonable risk for ATM, apps, recipients, payers, processors, or AT Protocol services.

You may not use ATM to evade account limits, create duplicate accounts after suspension, hide the true seller or beneficiary, manipulate payment records, falsify products or event availability, or interfere with ATM, app, processor, or PDS systems.

3. Processor-restricted businesses

Stripe publishes a Prohibited and Restricted Businesses list. Because Stripe is ATM's launch processor, you may not use ATM for Stripe-prohibited activity, and restricted activity requires any approvals Stripe and ATM require before payments begin.

Examples of activity that may be prohibited or restricted include unauthorized content or IP sales, adult sexual content, marijuana or certain CBD products, gambling, certain financial services, unsupported fundraising, payment facilitation or aggregation outside ATM's approved Connect model, stored value or credits, sanctioned activity, high-risk goods, and other categories listed by Stripe or applicable processors.

Stripe and ATM may update restricted categories over time. You are responsible for reviewing applicable processor rules before using ATM for a new business model, product, event, app, or campaign.

4. AT Protocol and public records

You may not publish private payment data, card data, bank details, legal identity documents, passwords, app secrets, QR secrets, shipping addresses, attendee answers, private messages, tax IDs, or other sensitive information into public AT Protocol records through ATM.

You may not use ATM public records, lexicons, webhooks, or app integrations to mislead users about payment status, ownership, entitlement, ticket validity, organizer approval, app support, or processor approval.

5. Products, subscriptions, tickets, and events

Products, services, subscriptions, commissions, memberships, tickets, and event listings must be accurately described, lawful, deliverable, and supported by the seller or organizer. You must not sell goods, services, or tickets you do not have the right or practical ability to provide.

Ticket inventory, free limited tickets, QR passes, wallet passes, and check-ins must use approved ATM ticket flows or another approved inventory system. You may not bypass capacity controls, duplicate tickets, share scan secrets, or knowingly create oversold or misleading event inventory.

6. Apps and developer activity

Apps must not create misleading checkouts, misstate the recipient, hide fees, misroute app fees, submit another app's DID, send webhook spam, abuse service-auth, store more personal data than needed, or use ATM data outside the app-scoped purpose for which it was provided.

Apps must not use ATM developer tools to create a payment facilitator, marketplace, money transmission service, stored-value system, lending service, or other regulated service unless ATM and the applicable processor explicitly support that use case in writing.

7. Enforcement

ATM may review, delay, suspend, cancel, refund, block, rate-limit, remove, or report activity if ATM believes this policy, processor rules, network rules, app terms, or law may be violated.

ATM may preserve or disclose information when needed for security, fraud prevention, legal compliance, processor compliance, chargebacks, disputes, risk reviews, or protection of users, apps, recipients, processors, or the AT Protocol ecosystem.