COMPLII

Complii Acceptable Use Policy (AUP)

ControlBox Corp.

This Acceptable Use Policy (“AUP”) governs the use of the Complii Platform operated by ControlBox Corp. (“ControlBox”, “Complii”, “we”, “our”, or “us”).

This policy applies to all customers, users, and organizations accessing or using the Complii platform (the “Customer”).

By accessing or using the Platform, the Customer agrees to comply with this Acceptable Use Policy.

1. Purpose of the Platform

Complii is a compliance technology platform designed to assist organizations with:

  • Anti-Money Laundering (AML) screening
  • Sanctions and watchlist screening
  • Politically Exposed Person (PEP) screening
  • Customer risk scoring
  • Transaction monitoring
  • Compliance case management
  • Compliance reporting and audit support

The platform may only be used for lawful compliance and regulatory purposes.

2. Permitted Use

Customers may use Complii solely for legitimate compliance operations including:

  • AML compliance screening
  • sanctions and watchlist verification
  • regulatory risk assessment
  • financial crime monitoring
  • internal compliance investigations
  • compliance reporting obligations

Customers must ensure that they have a legal basis to process and screen personal data submitted to the Platform.

3. Prohibited Activities

Customers may not use the Platform to:

3.1 Illegal Activities

  • violate any applicable law or regulation
  • perform screening without lawful authority
  • process data obtained unlawfully
  • engage in activities that facilitate fraud or financial crime

3.2 Unauthorized Surveillance or Profiling

Customers may not use the Platform to:

  • conduct surveillance unrelated to compliance obligations
  • investigate individuals for non-compliance purposes
  • screen individuals without a legitimate business or regulatory reason

3.3 System Abuse

Customers may not:

  • attempt to reverse engineer the Platform
  • attempt to extract underlying algorithms
  • attempt to copy or replicate screening logic
  • probe, scan, or test system vulnerabilities without authorization
  • interfere with system operations

3.4 Unauthorized Access

Customers may not:

  • attempt to access other customers’ data
  • bypass access controls
  • impersonate another user or organization
  • attempt to gain unauthorized access to infrastructure systems

3.5 Excessive or Abusive Usage

Customers may not use the Platform in ways that:

  • degrade platform performance
  • disrupt services for other users
  • exceed reasonable API request volumes beyond contractual limits
  • generate automated traffic designed to stress the system

ControlBox reserves the right to throttle or restrict excessive usage.

4. Screening Restrictions

The Platform may not be used to screen individuals:

  • without a legitimate regulatory or compliance purpose
  • for personal background checks unrelated to business compliance
  • for discriminatory or unlawful profiling
  • for activities that violate privacy or data protection laws

Customers must ensure that all screening activities are conducted within applicable legal frameworks.

5. Data Usage Responsibilities

Customers must ensure that:

  • submitted data is obtained lawfully
  • personal data processing complies with applicable data protection laws
  • individuals screened have a legitimate relationship to the Customer’s compliance obligations

Customers remain responsible for determining the lawful basis for data processing.

6. Security Responsibilities

Customers must:

  • maintain secure credentials
  • protect API keys and authentication tokens
  • restrict system access to authorized personnel
  • notify ControlBox promptly of suspected unauthorized access

Customers are responsible for all activity conducted under their account credentials.

7. Artificial Intelligence Features

Complii may provide optional AI-assisted analysis features.

Customers must not rely solely on automated outputs for compliance decisions.

AI outputs must be reviewed by qualified compliance personnel before final decisions are made.

8. Platform Integrity

Customers must not:

  • interfere with infrastructure systems
  • attempt to bypass platform safeguards
  • disrupt monitoring or logging mechanisms
  • distribute malicious code through the Platform

9. Suspension of Service

ControlBox reserves the right to suspend or restrict access to the Platform if:

  • this Acceptable Use Policy is violated
  • usage threatens system stability
  • unlawful activity is detected
  • required by law or regulatory authorities

Where possible, ControlBox will notify the Customer prior to suspension.

10. Reporting Abuse

Customers or third parties may report suspected violations of this policy by contacting:

ControlBox Corp.
Compliance and Security Team

11. Changes to This Policy

ControlBox may update this Acceptable Use Policy periodically.

Updated versions will be posted on the Complii website or within the Platform.

Continued use of the Platform constitutes acceptance of the updated policy.

12. Relationship to Other Agreements

This Acceptable Use Policy forms part of the Complii legal framework and works alongside:

  • Complii Terms of Service
  • Data Processing Agreement
  • Service Level Agreement
  • Privacy Policy

If there is a conflict between documents, the Terms of Service shall prevail unless otherwise specified in a written agreement.