Yoti Misuse Policy

This Misuse Policy establishes guidelines for acceptable use of Yoti services and the integrity of our digital ecosystem. These guidelines will be followed when assessing any claims of misuse of our Yoti services, wherever they originate.

This policy applies to all users of Yoti services, whether as individuals or on behalf of businesses, and organizations accessing our platform through any interface or method. Throughout this policy, these are “users”. The policy exists alongside and as part of the contract the user has with Yoti that allows use of Yoti’s products by the user, business or organisation(“main contract”) and is subject to the terms therein, including (without limitation) the governing law and jurisdiction of that contract, subject to any consumer protection laws at the place of user’s residence that may apply regardless of the main contract terms. Any conflict between the main contract and this policy shall be interpreted in accordance with the main contract. 

This policy is intended to support our efforts to ensure Yoti services are used appropriately. Whilst Yoti uses reasonable efforts to enforce this policy, use ​of ​Yoti services ​does ​not ​guarantee ​that any user has been vetted by Yoti or is not in breach of this Policy.

This policy is subject to periodic review and modification. Such review will take place at least annually. Users are responsible for staying current with the latest guidelines.

We expect all users to use the Yoti services responsibly and ethically. This section sets out a non-comprehensive list of examples of what may be deemed misuse

• False representation of the user or who they represent
• Using our services for any purposes that are illegal under any laws applicable to Yoti or the user
• Engaging in coercion, fraud, making false representations, identity theft, or financial crimes
• Distributing illegal content or materials
• Attempting to access systems or data without authorization
• using Yoti to harass, harm or target another person; or
• any use of the Yoti app or platform intended to deceive Yoti or another user.

• Engage in distributed denial of service (DDoS) attacks to compromise system security
• Introduce malware or viruses
• Scrape or extract data without authorization
• Use automated tools to access services beyond permitted rates
• Circumvent access controls or authentication mechanisms
• Falsely reporting misuse of Yoti or other breaches of our terms

• Creating multiple accounts to circumvent restrictions
• Selling or transferring account credentials
• Using accounts for commercial purposes without having the an appropriate licence and/or contract with or approved by Yoti
• Impersonating other individuals or organizations
• Breaching Yoti’s App consumer terms and conditions

• Failure to comply with all applicable data protection regulations
• Obtaining, processing or sharing personal information without the appropriate knowledge of the data subject and a valid lawful basis 
• using another person’s identity document, facial image or biometric data without their consent
• presenting manipulated, altered, synthetic, AI-generated or otherwise fraudulent materials to Yoti
• coercing, pressuring or manipulating another person into using Yoti or providing identity information
• misrepresenting your identity, age or eligibility to access Yoti services

We employ the following methods to detect misuse:

• Yoti checks and reviews (subject always to our Privacy Notices)
• Third Party Reporting, which may include Police or Fraud monitoring agencies
• User reporting
• Yoti proactive reporting
• Official Body reporting

Where misuse is identified, unless we do not reasonably consider it appropriate to do so, we will endeavour to notify the user before or promptly after enforcement action providing specific reasons for suspension and (where appropriate) give the user an opportunity to remedy before action is taken.

When we are made aware of misuse we will take into account all evidence available to us to reach a fair decision depending on the type and level of misuse. The consequence will be based on the severity of the situation and may include:

• Where the risk or harm is reasonably considered by Yoti as sufficiently serious, immediate account suspension.
• Temporary or Permanent account termination depending on the severity of the harm and whether it is rectifiable.
• Legal action for significant breaches.
• Reporting to relevant authorities by us or as a recommendation to a user who states they are a victim of the action. 

To the extent possible, a tiered enforcement

Users may submit a written appeal to contest enforcement actions within 30 days of becoming aware of the enforcement action, which will be reviewed by our Complaints team. To be a valid appeal, we require from the user raising the appeal an email to complaints@yoti.com including the below:

• A full legal name.
• an email or postal address that enables Yoti to contact the user. 
• Details of the nature of the appeal and reasons why the enforcement action is inappropriate.
• a statement confirming that the information and allegations contained in the appeal are full and accurate. 
• A signature or other method of evidencing the appeal is coming from the named legal person or their appointed representative.

If you feel that you cannot provide any of the above for any accessibility reasons, such as physical impairment or language barriers, please contact help@yoti.com for guidance.

The appeal will be reviewed in accordance with our Complaints Process. Where a user disagrees with the decision of the complaints team, unless restricted from doing so by applicable laws or regulations, the first form of resolution between users and Yoti is through an out of court arbitration scheme based in London, UK (or such alternative location as may be mandated  under an applicable law).

Investigations and actions relating to misuse shall be dealt with without undue delay and we will endeavour to provide a timeline of action depending on the circumstances. These timelines normally be adhered to unless justifiable difficulties determine otherwise and are communicated.

Yoti records the number of accounts that have been suspended and reports those numbers to its Guardians Council and to its senior management team twice yearly through its Global Operations Manager. Where there are specific circumstances around a suspension that the Global Operations Manager believes  requires input from one or both of these bodies, that will be raised during these reviews.

We may choose to undertake an internal review of any suspended account based on receiving evidence of innocence from a user or third party outside of the appeal process. This and any action, is solely at Yoti’s discretion.

When enforcing this policy, we process personal data in accordance with our Privacy Notice and applicable data protection laws. Our lawful bases include:legal obligation and legitimate interests. Suspended users retain all data subject rights including the right to access data about their suspension, request correction of inaccurate information, and object to processing. Contact privacy@yoti.com to exercise your rights.

Yoti reserves the right to interpret and enforce this policy at its reasonable discretion exercised proportionately and in good faith, taking into account the severity of any breach, the user’s history, and all relevant circumstances, with final decisions resting with our General Counsel.