Joqiva Acceptable Use Policy

2 June 2026

This Acceptable Use Policy ("Policy") explains what you must not do when using Joqiva. This Policy forms part of the Joqiva Terms of Service available. By using Joqiva, you agree to this Policy. This Policy applies to Joqiva websites, web application, customer-facing pages, documented interfaces, communications, files, forms and related services, features and documentation that we provide. Where we make native mobile applications available, this Policy also applies to those applications unless separate terms apply.

Joqiva is operated by FOP Mykola Marchuk Mykolaiovych, an individual entrepreneur registered in Ukraine, trading as Joqiva. Joqiva's current legal entity details, trading name, website, country of establishment, establishment address, correspondence address, registration information, tax status, contact details, privacy contact and UK/EU representative details, where required, are maintained in the Legal Notice.

This Policy applies to: (a) workspace owners; (b) workspace administrators; (c) invited users; (d) staff and contractors using a Joqiva workspace; (e) users of documented interfaces; (f) End Customers using Joqiva customer-facing pages; (g) anyone accessing Joqiva links, customer-facing pages, documents, files or forms; and (h) anyone using or attempting to use the Service. If you use Joqiva on behalf of a business, you are responsible for ensuring that all users you invite, authorise or allow to access your workspace comply with this Policy. End Customers may use Joqiva customer-facing pages only for their intended purpose.

Joqiva is intended for business use by sole traders, service businesses, companies, partnerships, authorised staff and authorised contractors. You must not use Joqiva for personal, household or consumer subscription use. End Customers of Joqiva customers may be consumers, homeowners, tenants or other individuals. They may use customer-facing pages only for their intended purpose, such as viewing a quote or invoice, accepting or declining a quote, asking a question, downloading a document, or reporting a payment to the relevant Joqiva customer.

You must use Joqiva lawfully, fairly, honestly and only for its intended business workflow purposes. You must not use Joqiva in any way that: (a) breaks the law; (b) misleads anyone; (c) harms Joqiva, Joqiva customers, End Customers or third parties; (d) interferes with the Service; (e) creates security or operational risk; (f) damages Joqiva's email, domain, infrastructure or service reputation; (g) infringes rights; (h) processes data you are not authorised to process; (i) causes Joqiva to breach law, contract or third-party terms; (j) uses Joqiva customer-facing pages, emails, links, documented interfaces, files, forms or content areas to deploy unauthorised cookies, tracking pixels, scripts, tags, link decoration, fingerprinting, advertising technology or similar tracking technologies; or (k) breaches the Terms of Service, DPA, Privacy Policy, Cookie Policy, AI Processing Notice or this Policy.

You must not use Joqiva: (a) for illegal, fraudulent or deceptive activity; (b) to create or send fake invoices; (c) to create or send fake quotes; (d) to create false customer records; (e) to create false payment reports; (f) to impersonate another person or business; (g) to misrepresent your authority to act for a business; (h) to mislead End Customers about services, prices, VAT, tax, bank details, payment status or work completed; (i) to hide, disguise or facilitate fraud; (j) to support scams, phishing, invoice fraud or social engineering; (k) to support bribery, corruption, tax evasion, money laundering, terrorist financing or sanctions evasion; (l) to harass, threaten, abuse or intimidate anyone; (m) to discriminate unlawfully; (n) to publish or share unlawful, defamatory, obscene or abusive content; (o) to infringe intellectual property, privacy, confidentiality or data protection rights; (p) to breach court orders, regulatory restrictions or legal duties; (q) to support terrorism, violent extremism or unlawful organised crime; (r) to encourage, assist or facilitate suicide, self-harm or serious physical harm; (s) to sell, advertise, arrange or facilitate illegal goods, illegal services, regulated weapons, controlled drugs, stolen goods, counterfeit goods or other restricted goods or services; (t) to publish, upload, store, send or share content that is illegal in the United Kingdom or in any jurisdiction relevant to your use of the Service; or (u) to support any activity that Joqiva reasonably considers harmful, unlawful, abusive or unsafe.

You must not use Joqiva to upload, store, send, publish or share: (a) child sexual abuse material; (b) terrorist content; (c) content encouraging terrorism or violent extremism; (d) non-consensual intimate images; (e) content facilitating human trafficking, exploitation or modern slavery; (f) content encouraging suicide, self-harm or serious physical harm; (g) unlawful hate content, threats or harassment; (h) content used for grooming, coercion, blackmail or abuse; or (i) any other illegal content. We may remove, restrict, preserve, report or disclose information about such content where required or permitted by law, or where reasonably necessary to protect people, the Service, Joqiva customers, End Customers or third parties.

Joqiva does not process, collect, hold, transfer, settle, control or transmit money owed by End Customers to Joqiva customers. End Customers pay directly into the Joqiva customer's bank account by bank transfer. Joqiva does not initiate bank transfers, access payment accounts, or instruct banks or payment institutions to move End Customer funds. You must not use Joqiva: (a) to claim that Joqiva processes End Customer payments; (b) to claim that Joqiva holds money for you; (c) to claim that Joqiva verifies payment receipt; (d) to collect, request or process card payments from End Customers through Joqiva; (e) to collect full payment card numbers, CVC codes, expiry dates or raw card data; (f) to provide payment initiation services; (g) to provide account information services; (h) to provide escrow, money remittance or regulated payment services; (i) to suggest that Joqiva is authorised, registered or regulated as a payment institution, e-money institution, payment initiation service provider, account information service provider or money remittance provider; (j) to display bank transfer instructions for an account you are not authorised to use; (k) to redirect End Customer payments to an unauthorised bank account; (l) to alter bank details fraudulently; (m) to submit false "I've paid" confirmations; (n) to upload false or misleading payment evidence; (o) to mark invoices as paid when you know payment has not been received; (p) to deceive End Customers about payment status; (q) to misrepresent overdue invoice status; (r) to use End Customer invoice payment records as evidence of your Joqiva subscription payment; or (s) to commit or facilitate invoice fraud. You are responsible for checking your own bank account and confirming whether money has been received.

If you add bank transfer instructions to Joqiva, you must ensure that: (a) you are authorised to provide those bank details; (b) the bank details are accurate; (c) payment instructions are clear and lawful; (d) End Customers are not misled; (e) payment references are accurate; (f) bank details are reviewed before quotes, invoices, reminders or documents are sent; and (g) unauthorised users cannot change bank details. You must promptly report suspected unauthorised changes to bank details or payment instructions using the support or legal contact details in the Legal Notice.

You must not use Joqiva customer-facing pages, quotes, invoices, documents, reminders or links: (a) to misrepresent work, goods or services; (b) to charge for work not authorised or not carried out; (c) to misrepresent VAT, tax, fees or charges; (d) to hide material terms from End Customers; (e) to mislead End Customers about acceptance, cancellation, refunds or payment deadlines; (f) to create fake acceptance records; (g) to manipulate quote acceptance history; (h) to create misleading audit records; (i) to impersonate an End Customer; (j) to pressure, threaten or harass an End Customer; (k) to share confidential information with unintended recipients; (l) to publish personal data unnecessarily; (m) to publish unlawful or harmful content; (n) to expose customer-facing links publicly where that creates an unreasonable privacy, fraud or security risk; (o) to deploy, embed, trigger or link to unauthorised cookies, tracking pixels, analytics scripts, advertising tags, retargeting technologies, link decoration, fingerprinting technologies or similar tracking technologies; or (p) to breach consumer, trade, professional, tax, accounting, electronic communications or data protection law. Joqiva customer-facing links must be shared only with intended recipients. Anyone with a valid customer-facing link may be able to access the relevant page unless additional access controls apply. If you believe a customer-facing link has been shared with the wrong person, compromised or misused, you must take reasonable steps to revoke, replace or stop using that link where the Service allows it, and you should contact Joqiva support if help is needed.

Joqiva may provide service emails, quote notifications, customer-facing quote link SMS messages, invoice notifications, reminders and related workflow communications. You must not use Joqiva email, SMS or reminder features: (a) to send spam; (b) to send unsolicited marketing through Joqiva unless Joqiva expressly provides a marketing feature and your use is lawful; (c) to send bulk marketing campaigns; (d) to send unlawful electronic communications; (e) to send misleading reminders; (f) to send excessive reminders; (g) to harass, threaten or pressure End Customers; (h) to send messages to people who should not receive them; (i) to send messages to inaccurate, guessed, scraped or harvested email addresses or phone numbers; (j) to send messages containing malware, phishing links or deceptive links; (k) to disguise the sender identity; (l) to damage Joqiva's email deliverability, SMS sender reputation or domain reputation; (m) to bypass unsubscribe, opt-out, objection or suppression requests; (n) to send marketing content in messages that are presented as service messages; (o) to send content that infringes rights, breaches confidentiality or exposes unnecessary personal data; (p) to add, embed or disguise tracking pixels, link tracking, redirect tracking, advertising tags, marketing pixels or similar tracking technologies unless Joqiva expressly provides that feature and you have all required notices, permissions and consents; or (q) to breach PECR, UK GDPR, the Data Protection Act 2018, direct marketing rules or other applicable electronic communications laws. Joqiva is not designed as a bulk marketing platform. If Joqiva ever enables a marketing communication feature, you must use it only if you have all required permissions, notices, lawful bases and consents. Service messages, quote emails, quote link SMS messages, invoice emails and reminders must not be used as a disguise for marketing.

If Joqiva enables inbound email processing, email forwarding, email parsing or attachment processing, you must ensure that: (a) you are authorised to forward or process those emails through Joqiva; (b) you provide required privacy notices to relevant people; (c) email routing rules are accurate; (d) confidential emails are not forwarded unnecessarily; (e) attachments are relevant to the workflow; (f) attachments do not contain malware; (g) attachments do not contain unlawful content; (h) attachments do not contain unnecessary sensitive data; (i) attachments do not infringe rights; and (j) attachments are not used to attack, overload or test Joqiva systems. You must not use inbound email features to capture emails, attachments or personal data that you are not authorised to process. You must not configure inbound routes or forwarding rules in a way that captures unrelated mailboxes, unrelated staff emails, private emails or third-party communications outside your lawful business purpose.

You must not upload, store, send or share content that: (a) is unlawful; (b) is malicious; (c) contains malware, viruses, spyware, ransomware or harmful code; (d) is intended to bypass security controls; (e) infringes intellectual property rights; (f) breaches confidentiality; (g) contains personal data you are not authorised to process; (h) contains unnecessary special category personal data; (i) contains unnecessary criminal offence data; (j) contains full payment card numbers, CVC codes, expiry dates or raw card data; (k) contains passwords, access tokens, confidential credentials, system secrets or other security credentials; (l) contains stolen data; (m) contains false or misleading payment evidence; (n) contains child sexual abuse material; (o) contains non-consensual intimate images or unlawful sexual content; (p) contains content encouraging or facilitating suicide, self-harm, terrorism, violent extremism or serious physical harm; (q) contains violent, exploitative or abusive material; (r) contains content that may damage Joqiva or third parties; or (s) is otherwise inappropriate for a business workflow SaaS service. Joqiva may scan inbound email attachments or uploaded files for malware or security threats where enabled. Security scanning does not guarantee that all harmful content will be detected. Joqiva may quarantine, block, remove, restrict or disable access to files where reasonably necessary for security, legal compliance, abuse prevention, malware prevention or protection of the Service.

You must not use Joqiva to process personal data unless you have the right and lawful basis to do so. You are responsible for: (a) providing privacy notices to End Customers, staff, suppliers and contacts; (b) ensuring personal data is accurate where required; (c) ensuring personal data is adequate, relevant and limited to what is necessary; (d) responding to data subject requests where you are controller; (e) handling data protection complaints where you are controller; (f) ensuring users have appropriate permissions; (g) removing users who no longer need access; (h) protecting customer-facing links; (i) protecting credentials and login details; and (j) complying with UK GDPR, the Data Protection Act 2018, PECR, each as amended from time to time, and other applicable laws. You must not use Joqiva to process personal data in a way that is unlawful, unfair, excessive, hidden from the relevant individuals, or outside the purpose for which the data was collected. You must not use Joqiva to monitor individuals unlawfully or to create hidden surveillance records. You must not use Joqiva to deploy cookies, tracking pixels, scripts, advertising tags, retargeting technologies, link decoration, fingerprinting technologies or similar tracking technologies unless Joqiva expressly provides that feature and you have all rights, notices, lawful bases and consents required by law. This restriction does not prevent Joqiva from using Joqiva-controlled cookies, analytics technologies or similar technologies in the way described in the Privacy Policy and Cookie Policy.

Joqiva is not designed for systematic processing of special category personal data or criminal offence data. Special category personal data includes personal data revealing or concerning: (a) racial or ethnic origin; (b) political opinions; (c) religious or philosophical beliefs; (d) trade union membership; (e) genetic data; (f) biometric data used for identification; (g) health; (h) sex life; or (i) sexual orientation. Criminal offence data includes personal data relating to criminal convictions, offences, allegations, proceedings or related security measures. You must not intentionally submit special category personal data or criminal offence data to Joqiva unless: (a) it is necessary for your lawful business use case; (b) you have a valid lawful basis; (c) you satisfy an applicable special category condition or criminal offence data condition where required; (d) you have provided required notices; (e) you have implemented appropriate safeguards; (f) the data is relevant and limited to what is necessary; and (g) your use is not prohibited by the Terms of Service, DPA or this Policy. Special category personal data or criminal offence data may be submitted incidentally through emails, attachments, free-text job notes or customer messages. If this happens, you remain responsible for ensuring that the processing is lawful and appropriate. You must not use Joqiva as a medical, healthcare, clinical, counselling, safeguarding, biometric identification, criminal records, child protection, or high-risk sensitive data processing system unless Joqiva expressly agrees in writing.

Joqiva is not intended for use by children. You must not knowingly allow children to create Joqiva accounts. You must not intentionally submit children's personal data unless it is necessary, lawful and appropriate for your business use case. You must not use Joqiva for services directed at children without Joqiva's prior written approval. You must not upload, share, request, generate, process or store content that exploits, endangers, sexualises, targets, grooms, abuses or harms children.

Joqiva may provide AI-assisted features using approved AI service providers to help extract draft enquiry fields, suggestions, classifications or summaries from emails, messages, attachments or related content. You must not use AI-assisted features: (a) for unlawful, fraudulent or deceptive purposes; (b) to create fake invoices, fake quotes or false payment information; (c) to impersonate another person or business; (d) to harass, threaten or mislead End Customers; (e) to generate unlawful, discriminatory or abusive content; (f) to process data you are not authorised to process; (g) to process unnecessary special category personal data; (h) to process unnecessary criminal offence data; (i) to process children's data without a lawful basis and appropriate safeguards; (j) to make solely automated decisions with legal or similarly significant effects; (k) to make employment, credit, insurance, housing, healthcare, legal, tax, accounting or regulated financial decisions; (l) to produce professional advice; (m) to bypass human review; (n) to bypass Joqiva security controls; (o) to extract system instructions, secrets, credentials or confidential configuration; (p) to test, attack, overload or reverse engineer AI systems; (q) to submit content designed to override Joqiva's safety, validation or product controls; (r) to generate malware, phishing content, scam content or deceptive communications; or (s) to breach applicable AI service provider terms, Joqiva's AI Processing Notice or this Policy. AI output is draft-only. You must review, correct and approve AI output before using it in your business.

You must not: (a) access or attempt to access accounts, workspaces, files, customer-facing pages, documented interfaces or systems without authorisation; (b) bypass authentication; (c) bypass authorisation; (d) bypass access controls; (e) bypass customer-environment separation; (f) bypass usage limits; (g) bypass customer-facing access controls; (h) bypass documented interface restrictions; (i) bypass billing or plan limits; (j) bypass read-only restrictions; (k) probe, scan or test systems without written permission; (l) run vulnerability scans without written permission; (m) run penetration tests without written permission; (n) attempt to discover source code, secrets, credentials, access tokens or confidential configuration; (o) intercept data; (p) scrape or crawl the Service without permission; (q) overload the Service; (r) interfere with availability; (s) upload malware or malicious files; (t) exploit vulnerabilities; (u) use automated systems to create accounts or abuse features; (v) use bots, scripts or automation not provided or approved by Joqiva; (w) use Joqiva infrastructure to attack third parties; (x) interfere with another customer's use of the Service; (y) publicly disclose a vulnerability before Joqiva has had a reasonable opportunity to investigate and address it; or (z) inject, upload, embed or trigger scripts, tags, pixels, redirects, tracking code or code-like content that is not expressly supported by Joqiva. If you believe you have found a security issue, you must report it using the legal or support contact details in the Legal Notice and must not exploit it, disclose it publicly, access other customers' data, change data, download data unnecessarily, or continue testing without permission.

If Joqiva provides documented interfaces, you must use them only as documented and only for your authorised workspace use. You must not: (a) share credentials publicly; (b) embed confidential credentials in client-side or publicly accessible code; (c) use credentials from another workspace; (d) bypass usage limits; (e) use documented interfaces to scrape data; (f) use documented interfaces to overload the Service; (g) use documented interfaces to access another customer's data; (h) use documented interfaces for unauthorised integrations; (i) use documented interfaces to build a competing service without written permission; (j) use documented interfaces to resell, rent or white-label Joqiva without written permission; (k) use documented interfaces to avoid billing, usage limits, feature gates or read-only restrictions; or (l) use documented interfaces in a way that breaches the Terms of Service or this Policy. We may suspend access to documented interfaces if we reasonably believe the access is insecure, abusive, excessive, unlawful or harmful.

You must not use Joqiva as: (a) a regulated payment service; (b) a payment processor; (c) an e-money service; (d) a money remittance service; (e) an escrow service; (f) a client money handling service; (g) a bank; (h) a lending platform; (i) a credit reference or credit scoring service; (j) an insurance underwriting service; (k) a debt collection agency; (l) a legal advice service; (m) a tax advice service; (n) an accounting advice service; (o) a medical or healthcare decision system; (p) an emergency dispatch system; (q) a safeguarding system; (r) a system for employment, housing, insurance, credit or similarly significant automated decisions; or (s) any other regulated or high-risk service unless Joqiva expressly agrees in writing. Joqiva may help you organise business workflow, but it does not replace professional advice, regulated systems, safety checks, statutory tax records, accounting systems or legal compliance processes.

You are responsible for your own business compliance. You must ensure that: (a) you are authorised to provide the services you offer; (b) you hold any required licences, certifications, registrations or insurance; (c) your quotes and invoices are accurate; (d) your VAT, tax and accounting treatment is correct; (e) your customer terms are lawful; (f) your cancellation, refund and complaint handling terms are lawful; (g) your reminders are fair and lawful; (h) your staff and contractors use Joqiva appropriately; and (i) your use of Joqiva does not breach trade, consumer, professional or safety rules. Joqiva is not responsible for your workmanship, services, prices, customer contracts, customer complaints, refunds, tax treatment or regulatory compliance.

You must not use Joqiva if you are prohibited from doing so under applicable sanctions, export control or trade restriction laws. You must not use Joqiva for the benefit of any person, entity, country or region where such use would breach applicable sanctions, export control or trade restriction laws. You must not use Joqiva to hide, disguise or facilitate sanctions evasion. You must not use Joqiva to export, re-export, transfer or make available technology, data, services or functionality in breach of applicable export control or trade restriction laws. We may restrict, suspend or terminate access where we reasonably believe continued use would create sanctions, export control or trade compliance risk.

You must not: (a) resell Joqiva; (b) rent Joqiva access; (c) sublicense Joqiva; (d) white-label Joqiva; (e) offer Joqiva as a managed service to third parties; (f) share accounts between unrelated businesses; (g) create workspaces for unauthorised third parties; (h) use Joqiva to provide a competing SaaS product; (i) copy Joqiva workflows, screens, documentation or customer-facing pages to create a competing product; or (j) use Joqiva branding in a way that suggests endorsement or partnership, unless Joqiva gives written permission.

You must not use Joqiva in a way that creates unreasonable load or operational risk. This includes: (a) excessive automated requests; (b) excessive email sending; (c) excessive storage use outside plan limits; (d) repeated failed authentication attempts; (e) excessive file uploads; (f) automated account creation; (g) abusive exports; (h) automated customer page access; (i) excessive reminders; (j) high-volume scraping; (k) high-volume automated workflow activity; (l) creating duplicate accounts or workspaces to bypass usage limits; (m) manipulating usage counters, feature gates, billing status or plan limits; or (n) any other use that may degrade the Service. We may apply limits, throttling, suspension, restrictions or additional controls to protect the Service.

You must not: (a) remove or obscure Joqiva notices; (b) misrepresent Joqiva features; (c) misrepresent your relationship with Joqiva; (d) use Joqiva's name or branding without permission; (e) publish false statements about Joqiva; (f) interfere with Joqiva documentation, customer pages or links; (g) manipulate audit logs; (h) manipulate timestamps; (i) manipulate quote acceptance records; (j) manipulate quote decline records; (k) manipulate quote question records; (l) manipulate invoice view records; (m) manipulate payment reports; (n) manipulate document view records; or (o) attempt to create a false record of events.

You must not: (a) publish customer-facing links where publication is not intended or lawful; (b) guess, brute force, scrape, harvest or enumerate customer-facing links, invitation links or access methods; (c) share customer-facing links, invitation links or access methods with unintended recipients; (d) store customer-facing links, invitation links or access methods in public repositories, public documents or public channels where that creates privacy, fraud or security risk; (e) use customer-facing links to access data you are not authorised to access; (f) use customer-facing links to mislead, phish, impersonate or defraud anyone; (g) use customer-facing links to bypass workspace permissions or security controls; or (h) use customer-facing links or access methods as a hidden tracking, profiling, advertising, retargeting or surveillance mechanism outside the intended Joqiva workflow. If a customer-facing link, invitation link or access method is compromised, you should revoke, replace or stop using it where the Service allows and contact Joqiva support where help is needed.

If you believe someone is misusing Joqiva, use the support contact details in the Legal Notice. For legal, security or serious abuse issues, use the legal contact details in the Legal Notice. Please include: (a) a description of the issue; (b) relevant page links or references; (c) screenshots if appropriate; (d) timestamps; (e) workspace or business details if known; and (f) your contact details. Do not include unnecessary sensitive personal data in abuse reports.

We may investigate suspected breaches of this Policy. To investigate, prevent harm, protect the Service or comply with law, we may review relevant information such as: (a) account details; (b) workspace metadata; (c) audit logs; (d) access logs; (e) technical request logs; (f) email events; (g) customer-facing page interaction records; (h) uploaded files or attachments where necessary; (i) support messages; (j) security events; (k) billing status; (l) user permissions; (m) technical and operational metadata; and (n) other information reasonably necessary for the investigation. We will handle personal data in accordance with our Privacy Policy and DPA. We may preserve evidence where reasonably necessary for security, legal, fraud prevention, abuse prevention, dispute or compliance reasons.

If we reasonably believe that you have breached this Policy, we may take action. Actions may include: (a) warning you; (b) asking you to remove or correct content; (c) limiting a feature; (d) disabling email sending; (e) disabling reminders; (f) disabling AI-assisted features; (g) disabling inbound email processing; (h) disabling access to documented interfaces; (i) restricting customer-facing pages; (j) revoking or disabling customer-facing links, invitation links or access methods; (k) removing, blocking or quarantining files; (l) applying usage limits or throttling; (m) moving a workspace to read-only mode; (n) suspending a user; (o) suspending a workspace; (p) terminating access; (q) refusing support for abusive use; (r) preserving evidence; (s) notifying affected customers or End Customers where appropriate; (t) notifying service providers where appropriate; (u) notifying regulators, law enforcement or other authorities where required or appropriate; and (v) taking legal action. We may act without notice where we believe immediate action is needed to address security, legal, operational, abuse, fraud or harm risks. Enforcement action does not remove your obligation to pay fees already due.

If we do not act immediately against a breach of this Policy, that does not mean we waive our rights. We may take action later if the breach continues, repeats, causes harm, or becomes known to us later.

We may update this Policy from time to time. If we make material changes, we will provide reasonable notice where appropriate, such as by updating this page, sending an email, showing an in-app notice or posting a website notice. We may apply urgent changes sooner where reasonably necessary for legal, security, abuse prevention, sanctions, operational or service protection reasons. The updated Policy applies from the effective date shown at the top of this page. Continued use of Joqiva after the updated Policy applies means you accept the updated Policy.

For questions about this Policy, use the contact details maintained in the Legal Notice. The current support contact, privacy contact and legal contact are listed in the Legal Notice.