Acceptable Use Policy
Conduct, content, and activities that are permitted — and those that are not — when using BillBasket products and services.
Lawful use
You must use the Services only for lawful purposes and in compliance with all applicable Indian laws, RBI directions, FEMA, GST rules, the Information Technology Act, the Digital Personal Data Protection Act, and any sectoral regulations that apply to you.
Financial-crime prohibitions
You must not use the Services to:
- launder money, finance terrorism, or evade sanctions;
- process transactions on behalf of sanctioned persons or entities;
- engage in payment fraud, transaction laundering, or fake-sales schemes;
- abuse refund and chargeback mechanisms;
- misrepresent your business identity, ownership, or beneficial owners.
Restricted business categories
BillBasket does not knowingly support businesses in the following categories:
- illegal goods or services, narcotics, and counterfeit products;
- unlicensed gambling, betting, and lottery operations;
- child sexual abuse material (CSAM) and content sexually exploiting minors;
- human trafficking, forced labour, and exploitative practices;
- weapons, explosives, and material restricted by Indian law;
- multi-level marketing schemes whose primary revenue depends on recruitment;
- businesses promoting hate, violence, or unlawful discrimination.
Some additional categories may require enhanced due diligence (high-risk merchants, MSBs, crypto). Contact sales@billbasket.in before onboarding.
Security restrictions
You must not:
- access accounts, systems, or data that do not belong to you;
- probe, scan, or test the vulnerability of the Services without prior written authorisation (see research carve-out);
- introduce malware, ransomware, or any malicious code;
- conduct denial-of-service or amplification attacks;
- circumvent rate limits, authentication, or licensing checks.
API misuse
API credentials must remain confidential to your organisation and must be rotated promptly on suspected compromise. You must not:
- resell API access without our written consent;
- scrape data systematically beyond the documented endpoints and rate limits;
- cache or store data in ways that defeat data-subject rights or our retention rules;
- use the APIs to train AI models on personal data you do not own or are not authorised to use.
IP & reverse engineering
You must not modify, decompile, or reverse-engineer the Services except to the limited extent permitted by applicable law. You must not remove copyright, trademark, or other proprietary notices.
Spam & unsolicited communication
Use of the Services to send unsolicited SMS, WhatsApp, email, or calls is prohibited. You are responsible for obtaining valid consent under the DLT framework and TRAI regulations and for honouring opt-outs immediately.
Security research carve-out
Good-faith security research is welcome under a coordinated disclosure arrangement. Email support@billbasket.in with the subject line "Research authorisation" before testing. Unauthorised testing of production systems is a breach of this policy.
Consequences
Violations may result in immediate suspension, termination, withholding of settlements where law permits, reporting to authorities, and recovery of losses caused to BillBasket or third parties.
Contact
Report violations to support@billbasket.in.