Hoist AIAssets Sign in
HomeLegalAcceptable use

Acceptable Use Policy.

Plain-English version of what you can and can't do with the API. The org-only boundary is enforced in code; this policy covers everything else.

Version 1.02026-05-15

What you can do

  • Run PPSR organisation and serial-number searches for your own due-diligence purposes.
  • Run ABN / GST lookups on counterparties you're transacting with.
  • Build internal tools, agents, or workflows that call the API.
  • Store records you generate, indefinitely if you want, on your own systems.
  • Attach records to deal files, court bundles, audit packages, data rooms.
  • Share records with the parties involved in the transaction (counterparty, lawyer, court, regulator).

What you can't do

  • Attempt to circumvent the org-only boundary. Don't pass individual-grantor inputs in fields meant for organisations. The API rejects this; circumvention attempts (e.g., disguising individual data as serial numbers) are termination-worthy.
  • Resell our API as a wholesale data product without a separate written agreement. If you're an aggregator, talk to us about the partner programme.
  • Harvest the register in bulk. Don't loop through ACN ranges or VIN sequences to build a private mirror. AFSA's terms prohibit this; ours do too.
  • Use the service for surveillance, stalking, or harassment. Australian asset registers exist for commercial due diligence; using them to track individuals' assets for non-commercial reasons is prohibited.
  • Run automated workloads that materially degrade service for other customers. Fair-use rate limits apply; if you need more, ask.
  • Reverse-engineer our audit-chain hashing or pricing engine beyond what's open-sourced.
  • Bypass authentication. Don't share API keys across organisations, scrape the dashboard, or use leaked tokens.

Examples — judgement calls

Some uses sit close to the line. Our reading:

  • OK: An agent that runs a PPSR + ABN check on every new lead in your CRM and attaches a record. You're the customer; the record sits on your deal file; the searches are legitimate due diligence.
  • OK: An aggregator platform that lets its own customers run searches via your account — provided your customers have agreed to your terms and you've signed our partner agreement.
  • Not OK: An agent that runs PPSR searches against ACN ranges to build a private database of who-owns-what for marketing purposes.
  • Not OK: Submitting a counterparty's individual director's licence number under serial_number. That's circumventing the org-only boundary.
  • Ask us: A research project (academic, journalism) doing aggregated analysis. We've supported these before with sandboxed access.

Enforcement

  • First, we ask. If we notice usage that looks off, we email your account contact first.
  • Then, we throttle or suspend. Material violations result in rate limiting, scope downgrade, or temporary suspension.
  • Finally, we terminate. Repeated or wilful violations end the contract under our Terms of service.
  • Refunds: none on terminated-for-cause accounts. Pro-rated on accounts you cancel voluntarily.

Reporting

If you see suspected misuse of the Service (your own data, someone else's, anything), email [email protected]. Acknowledged within 24 hours.