Acceptable Use Policy

Our APIs surface UK regulator and public body data in a useful, normalised form. They exist to help legitimate businesses comply with their own regulatory and operational obligations. Misusing this data harms the people in it and threatens our ability to keep operating, so we take that misuse seriously.

• Build a competing dataset or API product. You may not bulk-extract responses to repackage or resell them as a competing data feed, search service, or API.
• Train models on our responses. Responses may not be used to train, fine-tune, or otherwise improve a third-party model intended to replicate the service or generate similar data.
• Harass, dox, or smear individuals. The personal data of regulated individuals (solicitors, doctors, directors, financial advisers) is provided for legitimate verification, not for harassment, public shaming, or malicious profiling.
• Make automated decisions about individuals without a lawful basis. Where you use our responses to make decisions affecting an individual (refusing service, denying credit, terminating a contract), you remain responsible for the lawfulness, accuracy, and explainability of that decision under UK GDPR Article 22 and equivalent rules.
• Bypass the rate limits, tier caps, or pricing. Sharing API keys across organisations, rotating keys to evade quotas, or scripting around the documented rate limits all breach this policy.
• Probe, scan, or attack the platform. Penetration testing requires our prior written consent. Vulnerability reports are welcome at security@stratumapis.com.
• Use the service for unlawful or fraudulent purposes, or to assist others in doing so.

Caching responses in your application for performance is fine and encouraged. Storing responses as part of an audit trail or compliance record is fine and is one of the intended uses. Republishing responses verbatim to the public web in a way that competes with the original regulator (or with us) is not.

If you are uncertain whether a planned use crosses the line, ask us. We respond quickly: in most cases the answer is yes, sometimes with a small adjustment.

If you believe someone is misusing the service, or that data we have surfaced about you is being misused by a customer of ours, contact dpo@stratumapis.com. We investigate every report.

We may suspend, rate-limit, or terminate access without notice if we reasonably believe you are breaching this policy. Where appropriate we will notify you and give you a chance to remedy the breach; where the breach is serious or ongoing we may act first and explain after.

For commercial questions about a specific use case, write to support@stratumapis.com.