{ New }Centili Maestro is live
All legal documents
Legal

Acceptable Use Policy

This Acceptable Use Policy sets out the rules that everyone using Centili’s platforms, APIs and services must follow. It protects our customers, end users, network operators and the integrity of the payment and messaging ecosystems we connect.

Last updated: 27 June 2026Effective: 1 June 2026

Overview & scope

Centili Group Ltd. (“Centili”, “we”, “us” or “our”) operates direct-carrier-billing, mobile-payment, content-monetisation and SIM-security services that connect merchants, content providers, aggregators and mobile network operators. Because our services touch consumer payments and operator networks, misuse can cause real financial, reputational and regulatory harm. This Acceptable Use Policy (the “Policy”) explains what is and is not permitted when accessing or using our platforms, APIs, dashboards, documentation, websites and any related service (together, the “Services”).

This Policy applies to every user of the Services, including merchants, content and service providers, aggregators, resellers, integration partners, their employees and contractors, and any end user who interacts with a transaction or message that flows through our Services (each a “you”). It forms part of, and is incorporated into, our Terms of Service and any separate written agreement you have with us. Where a separate agreement imposes stricter requirements, those stricter requirements prevail.

You are responsible for your own use of the Services and for the conduct of anyone you permit to use them, including your employees, contractors, sub-merchants and any third party acting on your behalf. You must ensure that your products, websites, applications, marketing and customer journeys comply with this Policy, with all applicable laws, and with the rules of the mobile network operators and payment schemes whose connectivity we provide. Capitalised terms not defined here have the meaning given in the Terms of Service.

Prohibited content & conduct

You must not use the Services to host, transmit, promote, facilitate, link to or generate revenue from any of the following content or conduct. This list is illustrative, not exhaustive — anything with a comparable character or effect is equally prohibited.

Illegal and fraudulent activity

  • Any activity that is unlawful under the laws of England and Wales or under the laws of any jurisdiction in which the relevant end user, merchant or operator is located.
  • Fraud, deception or misrepresentation of any kind, including phishing, identity theft, account takeover, false advertising, fake subscription traps, and schemes designed to obtain money, data or credentials by trickery.
  • Sale, supply or facilitation of illegal goods or services, including unlicensed pharmaceuticals, controlled substances, weapons, stolen goods, counterfeit items, illegal gambling, and any product or service that requires a licence or authorisation that you do not hold.
  • Pyramid schemes, Ponzi schemes, multi-level marketing structured to deceive, “get rich quick” schemes, and other practices designed to defraud consumers.

Intellectual property and privacy

  • Content that infringes any copyright, trade mark, patent, database right, trade secret or other intellectual-property right, including unlicensed distribution of music, video, software, games or other protected works.
  • Content that misappropriates another person’s identity, brand or likeness, or that falsely implies endorsement, affiliation or sponsorship by us, by a network operator or by any third party.
  • Unlawful collection, sale or disclosure of personal data, or any processing that breaches the UK GDPR, the Data Protection Act 2018 or the Privacy and Electronic Communications Regulations 2003 (PECR). See our Privacy Policy.

Harmful, exploitative and abusive content

  • Child sexual abuse material (CSAM) or any content that sexualises, exploits or endangers a minor. We operate a strict zero-tolerance approach and will report such material to the relevant authorities, including the National Crime Agency and the Internet Watch Foundation, without notice.
  • Adult or sexually explicit content where it is unlawful, where age verification and operator approval are not in place, or where it is provided to a network operator or market in which such content is prohibited.
  • Content that incites or promotes terrorism, violence, self-harm, human trafficking, modern slavery, or hatred or discrimination on the basis of any characteristic protected under the Equality Act 2010.
  • Harassment, threats, bullying, doxxing or stalking of any individual.

Technical abuse

  • Malware, ransomware, spyware, viruses, worms, trojans, or any code designed to disrupt, damage, gain unauthorised access to, or covertly monitor any system, device, SIM or network.
  • Spam or unsolicited bulk messaging, including SMS, MMS, RCS, push, email or any other channel, sent without a valid lawful basis and the recipient’s consent where required by PECR.
  • Deceptive billing flows, hidden or pre-ticked charges, misleading calls-to-action, and any user interface designed to trick an end user into incurring a charge or a subscription they did not knowingly accept (“dark patterns”).
  • Network abuse, including traffic pumping, artificially inflated traffic (AIT), SMS or one-time-password (OTP) pumping, robocalling, and any practice that artificially generates message or transaction volume to extract revenue.

Prohibited payment & billing practices

Because we process consumer payments and operator-billed charges, the following practices are specifically prohibited in addition to anything covered above.

  • Chargeback and refund abuse. Manipulating, encouraging or systematically generating chargebacks, refund requests or billing reversals; structuring transactions to evade chargeback thresholds; or processing transactions you know or suspect will be disputed.
  • Money laundering and terrorist financing. Using the Services to launder the proceeds of crime, finance terrorism, or evade tax or reporting obligations. All users must comply with our AML & KYC Policy, the Proceeds of Crime Act 2002 and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
  • Friendly fraud and first-party misuse. Initiating transactions with the intention of later denying authorisation, or otherwise using your own or a related party’s payment instruments or mobile accounts to generate disputed or fraudulent volume.
  • Transaction laundering and factoring. Processing transactions on behalf of an undisclosed third party, submitting transactions that do not result from a bona fide sale by you, or routing another business’s payments through your account.
  • Unauthorised or unapproved merchant categories. Using the Services for any business category that we, a network operator or a payment scheme has not approved, or that is prohibited by applicable law or operator policy. Prohibited categories include, without limitation, illegal gambling, unlicensed financial services, dealing in stolen or counterfeit goods, illegal pharmaceuticals or controlled substances, weapons, and content of the kinds prohibited under Prohibited content & conduct above.
  • Misleading pricing and unauthorised charges. Charging an end user without their clear, informed and (where required) double-confirmed consent; failing to disclose the full price, currency, recurrence and how to cancel before a charge is taken; or charging more than was disclosed.
  • Sanctions evasion. Processing transactions for or on behalf of any person, entity or jurisdiction subject to UK, EU, US or UN sanctions, or attempting to circumvent screening controls. See our Sanctions Policy.

Security & integrity

You must respect the security and operational integrity of the Services and of the networks and systems we connect to. You must not:

  • Access, or attempt to access, any account, system, data or network without authorisation, or use credentials, API keys or tokens that were not issued to you.
  • Probe, scan, penetration-test, load-test, stress-test or otherwise test the vulnerability of the Services or our infrastructure without our prior written consent. Authorised security research is welcomed under our Responsible Disclosure Policy.
  • Circumvent, disable or interfere with any authentication, rate limiting, fraud-prevention, filtering or security feature of the Services.
  • Scrape, harvest, crawl or use automated means to extract data from the Services beyond what our documented APIs and rate limits permit.
  • Reverse engineer, decompile or disassemble any part of the Services, or attempt to derive source code, underlying algorithms or non-public interfaces, except to the limited extent such restriction is prohibited by applicable law.
  • Introduce any harmful code into the Services, or use the Services to deliver a denial-of-service attack, to relay malicious traffic, or to compromise any third party.
  • Resell, sublicense, share or expose your API credentials, or operate the Services in a way that imposes an unreasonable or disproportionate load on our infrastructure.

You must keep your credentials confidential, secure your own systems to a reasonable industry standard, and promptly notify us at security@centili.co.uk if you suspect any compromise, unauthorised access or vulnerability affecting the Services.

Messaging & telecom rules

Mobile messaging and operator billing are tightly regulated and governed by the rules of each network operator. When you use our messaging, OTP, premium-rate or direct-carrier-billing capabilities, you must:

  • Comply with the policies, technical requirements and content rules of every mobile network operator, aggregator, scheme and regulator whose connectivity is used to deliver your traffic, and with any applicable code of practice (including, in the UK, the Phone-paid Services Authority Code where relevant).
  • Obtain and retain clear, specific and demonstrable consent from each end user before generating any charge to their mobile account or sending any marketing message, in line with PECR and the UK GDPR. Consent must not be bundled, pre-ticked or obtained by deception.
  • Disclose pricing transparently and prominently before any charge: the price, currency, whether the charge is one-off or recurring, the billing frequency, and clear, simple instructions for how the end user can cancel or stop a subscription (for example, a working “STOP” keyword for SMS services).
  • Use only approved sender IDs, short codes, numbers and routes, and not spoof, alter or disguise sender information or message origin.
  • Honour opt-outs immediately, maintain accurate suppression lists, and not re-engage end users who have withdrawn consent.
  • Not send, generate or facilitate artificially inflated traffic, OTP pumping, grey-route traffic, or traffic that bypasses an operator’s legitimate commercial terms.

We may apply additional, operator-specific requirements to your account. Where an operator suspends, restricts or imposes conditions on a route, we may pass through those restrictions to you without notice to remain compliant with the operator’s rules.

Monitoring & investigation

We do not routinely monitor the content of every transaction or message, but we may monitor, review, inspect and audit traffic, content, transactions and account activity where we reasonably consider it necessary to operate the Services, protect end users and operators, detect fraud or abuse, comply with law, or enforce this Policy. We may use automated systems and risk scoring to detect prohibited activity.

You must cooperate with any reasonable investigation we conduct into suspected breaches of this Policy, including providing information about your business, customer-consent records, transaction flows and the identity of any third party on whose behalf you act. We may require you to remedy a breach within a specified period and to provide evidence of the remediation.

Consequences of breach

Breaching this Policy is a material breach of your agreement with us. Depending on the nature and severity of the breach, and acting proportionately, we may take any one or more of the following actions, with or without notice where the circumstances require:

  • Issue a warning and require you to remediate the breach within a stated timeframe.
  • Remove, disable, filter or block specific content, messages, campaigns, transactions, routes or merchant categories.
  • Throttle, rate-limit, restrict or suspend your access to all or part of the Services, including any affected API key, sender ID or route.
  • Withhold, freeze, set off or reverse settlement of funds where we reasonably suspect fraud, money laundering, chargeback exposure or unlawful activity, as permitted by our agreement and applicable law.
  • Suspend or terminate your account and your agreement with us.
  • Report the matter to mobile network operators, payment schemes, law-enforcement agencies, the National Crime Agency, the Information Commissioner’s Office (ICO), the Office of Financial Sanctions Implementation (OFSI) or other regulators, and make any disclosure required by the Proceeds of Crime Act 2002 or other applicable law.
  • Recover from you any losses, fines, penalties, scheme assessments or costs arising from the breach.

Our decision not to act on a particular breach does not waive our right to act on the same or a similar breach in future. Where we are legally prohibited from notifying you of a report (for example, in the context of a suspicious activity report), we will comply with that prohibition. This Policy is governed by the laws of England and Wales, and any dispute is subject to the jurisdiction of the courts of England and Wales.

Reporting abuse

If you become aware of any content, message, transaction or activity that breaches this Policy, please report it to us promptly at compliance@centili.co.uk. Where possible, include the relevant account, campaign, sender ID, short code, transaction reference or message content, the date and time, and a description of the issue so that we can investigate effectively.

To report a suspected security vulnerability, please follow our Responsible Disclosure Policy and contact security@centili.co.uk. To raise a complaint about how we have handled a matter, see our Complaints & Dispute Resolution policy. We take every report seriously and will not penalise anyone for reporting a suspected breach in good faith.

Changes to this policy

We may update this Policy from time to time to reflect changes in our Services, in operator and scheme rules, in the law, or in the abuse and fraud threats we observe. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify account holders through the Services or by email. Your continued use of the Services after a change takes effect constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.

Contact

Questions about this Acceptable Use Policy, or reports of suspected abuse, should be directed to our compliance team at compliance@centili.co.uk. For other legal enquiries, contact legal@centili.co.uk.

Centili Group Ltd.
[Registered office address — to be confirmed], United Kingdom
Company number: [Company number — to be confirmed]
VAT number: [VAT number — to be confirmed]