Acceptable Use Policy

Last updated: 06 May 2026

This Acceptable Use Policy (AUP) sets out the categories of business and the kinds of activity that are permitted, restricted, or prohibited on UnitPay's payment services. Compliance with this AUP is a condition of every Service Agreement and applies to merchants, their authorised users, and any party transacting through their integration.

1. Permitted use

UnitPay services may be used by merchants who are properly incorporated and, where required, licensed to conduct their declared business. Acceptable use means processing genuine commercial payments for goods or services lawfully sold by the merchant in line with the merchant's published terms of sale and consistent with Indonesian law and the laws of every jurisdiction where the merchant operates.

Merchants are responsible for ensuring their integration uses UnitPay only for the categories declared at onboarding. Material changes to business model (new categories, new geographies, new customer segments) must be notified in writing to compliance@unitpay.net before live processing.

The published merchant terms of sale must be available to the customer before payment, written in plain language, and accurately describe the goods or services, the price including VAT where applicable, the delivery or fulfilment terms, and the merchant's refund policy. Misleading or hidden terms are themselves a violation of this AUP.

2. Prohibited business categories

UnitPay does not support the following categories. Any attempt to process payments in these categories is a material breach of the Service Agreement and may result in immediate suspension under our Account Suspension and Blocking Rules.

Some categories are absolutely prohibited; others are conditionally permitted subject to specific licensing or documented enhanced due diligence. Merchants in conditional categories should engage with the onboarding team early to understand the diligence pathway.

  • Gambling, lottery, or wagering activity not licensed by the relevant Indonesian authority.
  • Adult, escort, or sexually explicit services.
  • Pharmaceuticals, controlled substances, or medical devices outside the regulatory framework administered by BPOM.
  • Weapons, ammunition, explosives, and military or dual-use items requiring an export licence.
  • Hate-speech platforms, extremist content, and content that incites violence or terrorism.
  • Multi-level marketing, pyramid schemes, and chain-recruitment programs.
  • Regulated financial services (lending, insurance, securities, asset management, payment services) without the relevant OJK or sectoral licence.
  • Cryptocurrency exchange or trading services without Bappebti registration; on-ramp acceptance of crypto for fiat conversion is not supported.
  • Counterfeit goods, intellectual-property-infringing goods, and unauthorised replicas.
  • Unregulated debt-collection, foreclosure, or eviction services.
  • High-risk affiliate programs, cash-back farms, and points-arbitrage schemes designed to generate transaction volume without genuine commerce.

This list is non-exhaustive. UnitPay reserves the right to add categories in line with regulatory updates, network requirements, and risk learnings; current detail is maintained in our internal merchant onboarding handbook.

3. Prohibited transaction types

Regardless of merchant category, UnitPay prohibits the following transaction patterns:

  • Money laundering, layering, integration, or any structuring of transactions designed to disguise origin.
  • Terrorism financing, proliferation financing, or financing of any sanctioned activity.
  • Sanctions evasion, including third-party transactions on behalf of sanctioned parties.
  • Fraudulent transactions, including unauthorised use of payment credentials, friendly fraud, and refund fraud.
  • Transaction laundering, in which a merchant processes payments for an undisclosed business or for another party.
  • Use of the platform to settle obligations unrelated to the original transaction.
  • Cash-out schemes that use the payment channel to extract liquid funds rather than to settle a genuine commercial transaction.

4. Prohibited customer segments

Merchants may not direct UnitPay to process payments for customers who are:

  • Listed on UN, EU, OFAC, OFSI, or PPATK DTTOT sanctions lists.
  • Confirmed politically exposed persons in adverse-media-flagged contexts, without our prior compliance approval.
  • Resident in jurisdictions where Indonesian law restricts financial services dealings, including the Russian Federation, Belarus, the Democratic People's Republic of Korea, Iran, and any jurisdiction added to UN or domestic restriction lists from time to time. The current internal restriction list is maintained by the AML team and reflects regulator updates.
  • Minors (under 18 years of age) for transactions where lawful adult capacity is required.
  • Persons whose involvement is the subject of an active regulator instruction or court order requiring restriction of payment dealings.

The restricted-jurisdictions list is dynamic. UN Security Council resolutions, OFAC designations, and Indonesian regulator directives may add to the list at any time; merchants are responsible for following the published guidance and for declining transactions that fall within scope.

5. Prohibited integration patterns

The following technical practices are not permitted:

  • Using the API to scrape, harvest, or enumerate UnitPay data outside the merchant's own activity.
  • Sharing API credentials or webhook secrets across merchants or with unauthorised third parties.
  • Deliberately circumventing KYC, AML, velocity, or fraud controls, including by use of proxy IPs, device-spoofing tools, or synthetic-identity automation.
  • Using sandbox credentials to simulate production volume for marketing or audit-evasion purposes.
  • Embedding UnitPay payment widgets in unrelated platforms in a way that obscures the merchant identity from the customer.
  • Reverse engineering or attempting to extract algorithmic detail from our risk-monitoring or screening systems.

Where the merchant identifies a security vulnerability in our integration interface, the appropriate response is coordinated disclosure to security@unitpay.net, not exploitation. Coordinated disclosure is welcomed and protected from enforcement under our Security Policy.

6. Prohibited content

Content sold or delivered through merchant integrations must not include: illegal pornography, depictions of child sexual abuse, content infringing third-party intellectual property, content that promotes terrorism, content encouraging self-harm, or any content unlawful under Indonesian law including UU ITE (Law 11/2008 as amended).

Where content is user-generated on the merchant's platform, the merchant is responsible for moderation policies and removal procedures consistent with applicable law. UnitPay's role is limited to processing the payment; we do not adjudicate content disputes between merchant and end customer beyond the AUP scope set out here.

7. Reporting violations

Anyone who believes a UnitPay-integrated merchant is operating in violation of this AUP may report concerns to compliance@unitpay.net. We treat reports confidentially to the extent permitted by law and investigate within ten working days. Customers seeking dispute resolution rather than reporting AUP violations should follow the channels set out in our Dispute Resolution and Complaint Handling framework.

Reports may be submitted anonymously. Anonymous reports may be harder to investigate fully, but they are not disregarded; where the report contains specific evidence of a violation, we proceed on the basis of that evidence even where the source cannot be re-contacted.

8. Enforcement

Violations of this AUP may trigger any of the following actions, alone or in combination, at UnitPay's discretion: warning and remediation request, transaction-level block, payment-method restriction, increased rolling reserve, account suspension, account closure, and reporting to regulators or law enforcement under valid legal process. The procedural framework is set out in our Account Suspension and Blocking Rules. Enforcement actions may be appealed through the channels described in that policy.

Enforcement is proportionate to the severity of the underlying violation. A first-time minor violation typically draws a warning and remediation request; sustained or severe violations move directly to suspension or closure. The full graduated response framework lives in the Blocking Rules.

Where enforcement requires regulator notification (for example, a sanctions match or a serious AML concern), we proceed under our AML and CFT Statement in line with PPATK and other regulator expectations, including the anti-tipping-off provisions of UU TPPU.

Questions about whether a specific business model or transaction pattern is in scope of this AUP may be raised with compliance@unitpay.net. We respond to such enquiries during Mon-Fri 09:00-18:00 WIB and can provide written guidance where useful for the merchant's records.

This AUP is the public-facing description of our enforcement standards. Bespoke variations agreed in a counter-signed Service Agreement addendum, where consistent with applicable law, prevail to the extent of any conflict.

Effective date: 06 May 2026