What's prohibited on the EpochPay rail.

Prohibited activity.

By using EpochPay you agree not to use the rail for, or to facilitate:

• Sanctions evasion — payments to / from individuals or entities on US OFAC SDN / SSI lists, EU consolidated list, UK OFSI list, UN sanctions, or any comprehensive sanctions program (Iran, North Korea, Syria, Cuba, Russia comprehensive sanctions, occupied Ukrainian territories).
• Money laundering or terrorism financing — structuring, layering, or integration of illicit funds; financing of designated terrorist organizations.
• Fraud — including phishing, account takeover, synthetic-identity payments, business email compromise, or any scheme to defraud the counterparty.
• Theft of cryptographic material — stealing or trafficking in private keys, seed phrases, recovery phrases, or signing material — yours or anyone else's.
• Child sexual abuse material (CSAM), human trafficking, or any payment connected to such activity. Reports go to NCMEC and to law enforcement under safe-harbor.
• Unregistered securities offerings that require registration in the jurisdiction of offer.
• Illegal goods or services in the jurisdiction of the merchant or counterparty (controlled substances, weapons trafficking, prostitution where illegal, etc.).
• Counterfeit goods or IP infringement — selling fakes, distributing pirated content.
• Gambling without license in the operating jurisdiction.
• Multi-level marketing schemes structured as pyramids; Ponzi schemes; any plan where returns come primarily from new participants' deposits.

Technical abuse.

• Attempting to compromise the rail (signature forgery, chain rewrite, authorization bypass) outside of our coordinated-disclosure program.
• Denial-of-service attacks against epochpay.today or any sub-domain.
• Sharing API keys across unrelated organizations to circumvent rate limits or tier pricing.
• Scraping at rates beyond 2 req/sec on public marketing surfaces (/, /pricing, /verify, /snapshots); the /api/* rate limits are documented at /docs.
• Reverse-engineering, decompiling, or otherwise extracting source from compiled artifacts beyond what the relevant LICENSE permits.

Enforcement.

• OFAC flag on enroll → merchant cannot initiate payments. Reviewed manually for false positives.
• OFAC flag mid-flight → all in-flight intents on the offending counterparty are held; legitimate counter-parties refunded where lawful.
• Material AUP violation → immediate suspension of the API key. Restoration possible after cause-and-effect review.
• Repeat violation → termination per /terms §8. Any final settlement we owe you we will settle; chain anchors persist.
• Law-enforcement requests → we comply with valid US legal process. We will notify you unless we are legally prohibited from doing so. Transparency report (forthcoming).

Reporting abuse.

If you believe a merchant is using EpochPay in violation of this policy, email abuse@epochpay.today with the merchant ID, intent IDs if known, and your contact info. We acknowledge within 24 hours and triage within 5 business days.

For child-safety or trafficking reports we additionally route to NCMEC CyberTipline and to law enforcement under 18 U.S.C. § 2258A; safe-harbor and confidentiality preserved.

Changes.

Material changes to this AUP are announced 30 days in advance via the changelog (forthcoming) and sealed into the WORM chain.