Acceptable Use Policy

1. Purpose

This policy sets out the standards of acceptable use for the Kore Payroll platform. It is intended to protect our customers, their employees, and the integrity of our systems. Violations of this policy may result in suspension or termination of access.

2. Permitted use

The Service is provided exclusively for the following lawful business purposes:

• Processing payroll for your own employees or workers.
• Submitting PAYE Real Time Information (RTI) to HMRC on behalf of your business.
• Managing employee records, pay groups, and benefit schemes.
• Providing employees access to their own payslips and documents.
• Generating payroll reports and accounting journals for your business.
• Using the API to integrate with your own authorised systems.

3. Prohibited activities

You must not use the Service to:

3.1 Illegal activities

• Process payroll in a manner designed to defraud HMRC, employees, or any other party.
• Submit false or fabricated RTI information to HMRC.
• Process payments to fictitious employees or inflated salaries as part of any fraudulent scheme.
• Facilitate money laundering, tax evasion, or any other criminal activity.
• Process data of individuals without lawful basis under UK GDPR and the Data Protection Act 2018.
• Violate any applicable law, regulation, or HMRC guidance.

3.2 Unauthorised access and security

• Attempt to gain unauthorised access to any part of the Service, other customer accounts, or our infrastructure.
• Probe, scan, or test for security vulnerabilities without our prior written authorisation.
• Introduce any virus, malware, ransomware, spyware, or other malicious code.
• Perform any denial of service attack or distribute automated requests that would damage or impair the Service.
• Circumvent or disable any authentication, access control, or security feature.
• Share login credentials between multiple individuals unless using officially supported multi-user features.

3.3 Data misuse

• Use the Service to process personal data for any purpose other than legitimate payroll administration.
• Extract, compile, or sell employee data obtained through the Service for any purpose unrelated to that employee's employment.
• Process personal data of third parties without a lawful basis and appropriate consents.
• Use the Service for unauthorised data scraping or bulk data extraction.

3.4 System integrity

• Reverse-engineer, decompile, disassemble, or otherwise attempt to derive source code from the Service.
• Modify, translate, adapt, or create derivative works of the Service.
• Resell, sublicence, or otherwise provide access to the Service to third parties (other than your own employees using the Service in the course of their employment).
• Frame or mirror the Service on any other website without our written consent.
• Remove or alter any copyright, trademark, or proprietary notices in the Service.

3.5 Payroll bureau use

If you are a payroll bureau or accountant processing payroll on behalf of your clients, you must have a separate contract with us (Bureau Agreement) before using a single Kore Payroll account to process multiple employer payrolls. Contact us at hello@korepayroll.co.uk to discuss bureau arrangements.

4. Your responsibilities regarding users

You are responsible for ensuring that all users within your account comply with this AUP. This includes:

• Maintaining a complete and accurate list of authorised users.
• Promptly removing access for users who leave your organisation or no longer require access.
• Ensuring that users understand and comply with this AUP.
• Notifying us immediately if you become aware of any violation of this AUP by any user.

5. Responsible vulnerability disclosure

If you discover a genuine security vulnerability in the Service, we ask that you report it to us responsibly before disclosing it publicly. Please email security@korepayroll.co.uk with details of the vulnerability. We commit to acknowledging receipt within 2 business days and providing a remediation timeline. We will not pursue legal action against good-faith security researchers who follow this process.

6. Monitoring and enforcement

6.1 We reserve the right to monitor usage of the Service to detect violations of this AUP, subject to our Privacy Policy.

6.2 If we reasonably believe you are in violation of this AUP, we may, without notice or liability:

• Issue a warning and request you cease the offending activity immediately.
• Temporarily suspend your access to the Service.
• Permanently terminate your account.
• Report relevant activity to law enforcement or regulatory authorities (including HMRC and the ICO).

6.3 Where possible and appropriate, we will provide notice and an opportunity to remedy a violation before taking action. However, in cases involving immediate security risk, fraud, or serious harm, we may act without prior notice.

7. Reporting violations

If you believe someone is using the Service in violation of this AUP, please report it to us at security@korepayroll.co.uk. We take all reports seriously and will investigate promptly.

8. Changes to this policy

We may update this AUP from time to time. We will provide at least 30 days' notice of material changes. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

9. Contact

For questions about this policy: legal@korepayroll.co.uk