Acceptable Use Policy

Scope

Permitted use

• Use sepia.live for lawful internal travel operations, itinerary planning workflows, and traveler service activity.
• Manage itineraries, proposals, traveler records, estimates, invoices, trips, and trip history records.
• Communicate with your travelers, clients, and staff in connection with legitimate travel operations.
• Use supported APIs and exports for your own internal integrations, backup, migration, and reporting.
• Configure your own business terms and customer-facing operational content where the platform allows it.

Prohibited activity

• Do not use the platform for unlawful, fraudulent, deceptive, abusive, defamatory, threatening, or harassing activity.
• Do not infringe intellectual property, privacy, confidentiality, or other third-party rights.
• Do not introduce malware, ransomware, malicious scripts, or other harmful code.
• Do not attempt unauthorized access to sepia.live, other users, or Tangible Spin LLP infrastructure.
• Do not scrape, crawl, harvest, reverse engineer, decompile, or disassemble the service except where law clearly permits it.
• Do not disable or work around security, rate limits, access controls, or free trial restrictions.
• Do not share credentials outside your organization or allow illegitimate third-party access under your account.
• Do not resell, white-label, sublicense, benchmark for public publication, or use the service to build a competing product without prior written consent.

Data and privacy rules

• Collect and process personal data only where you have a lawful basis and any required notices or consents.
• Do not over-collect data or use sepia.live for unrelated profiling, brokering, surveillance, or sale of personal data.
• Do not enter special-category or similarly sensitive data beyond what is genuinely necessary for normal travel business operations unless we have agreed in writing.
• Keep customer and trip records accurate, relevant, and updated where reasonably possible.
• Ensure your staff understand and follow their privacy and security responsibilities.
• Use the platform consistently with the Data Processing Agreement and applicable law.

API and technical use

• Use only documented or expressly supported APIs and integration methods.
• Do not automate prohibited actions through APIs, bots, browser automation, or other tooling.
• Do not perform penetration testing, vulnerability scanning, or stress testing without prior written approval.
• Store API keys and account credentials securely and rotate or revoke them promptly if compromise is suspected.
• Keep usage within normal operational bounds and published limits. Persistent excessive load may trigger review or restriction.

Content standards

• Content entered into sepia.live should be accurate, professional, and relevant to the operational purpose for which it is stored.
• Custom legal text, travel business notes, and customer communications remain your responsibility.
• We may remove or restrict content that violates this policy where needed to protect the platform, users, or third parties.

Reporting and enforcement

Changes

We may update this policy from time to time to reflect platform changes, abuse patterns, or legal requirements. Material changes will be posted on the site and, where appropriate, notified in advance.

Contact