Legal

Acceptable Use Policy

Last updated: 28 May 2026

What you can and cannot do with the Orbit Commerce platform. Forms part of the Terms of Service.

1. Scope

This Acceptable Use Policy (the “AUP”) applies to anyone who uses the Orbit Commerce platform (the “Service”), including Vendors, their staff, their end Customers, Partners, Agencies, Suppliers, Theme and Plugin Developers, Affiliates, integrators, and anyone who connects to the Service through an API. It forms part of the Terms of Service and every Persona Agreement (Partner, Agency, Supplier, Developer, and API).

The AUP is intentionally specific. If your intended use of the Service is not covered by an entry here and you are unsure, contact support@orbitcommerce.net before you go live.

2. Core Principle

You may not use the Service for any activity that is illegal in any jurisdiction in which you trade, that breaches the rights of any person, that puts your Customers or other Orbit Commerce vendors at risk, or that exposes us to material legal, regulatory, financial, or reputational risk. You are responsible for knowing the laws that apply to your business and for complying with them.

3. Prohibited Products and Services

You must not use the Service to sell, list, advertise, market, or facilitate the supply of any of the following:

3.1 Illegal goods and services

  • Anything the sale, supply, or possession of which is illegal under the laws of the United Kingdom or any other jurisdiction in which you operate or sell;
  • Counterfeit, replica, or unauthorised goods (including unauthorised use of trade marks, brand names, or logos);
  • Goods made using, or designed to facilitate, infringement of copyright, registered designs, patents, trade marks, or database rights.

3.2 Weapons, explosives, and dangerous goods

  • Firearms, ammunition, explosives, fireworks Category F3/F4, blank-firing weapons, and components thereof, except where the seller and the route to sale are fully licensed and the listing complies with the UK Firearms Acts and equivalents in the buyer’s jurisdiction;
  • Offensive weapons restricted by the Criminal Justice Act 1988 or the Offensive Weapons Act 2019 (including zombie knives, knuckledusters, certain swords, and disguised weapons);
  • Items the sale of which to under-18s is restricted, unless the Storefront enforces effective age verification.

3.3 Drugs and regulated substances

  • Controlled drugs under the Misuse of Drugs Act 1971, psychoactive substances under the Psychoactive Substances Act 2016, and equivalent restricted substances in the buyer’s jurisdiction;
  • Prescription-only medicines, except by a registered pharmacy holding all required regulatory authorisations (in the UK, a General Pharmaceutical Council registration and an MHRA-registered online seller listing);
  • Drug paraphernalia where prohibited by the buyer’s jurisdiction.

3.4 Age-restricted goods

  • Tobacco, vaping products, nicotine pouches, and CBD products may be sold only by Vendors who comply with all applicable advertising restrictions and age-verification requirements (including the Tobacco and Related Products Regulations 2016 and the MHRA Yellow Card requirements where applicable);
  • Alcohol may be sold only by Vendors who hold the required licences in their place of supply, and who enforce effective age verification at point of order and at delivery;
  • Adult-only goods and services may be sold only on Vendor plans that we have expressly approved for adult content. Adult content is not permitted on our default free or starter plans.

3.5 Financial services and currency-like instruments

  • Regulated financial services (including investments, securities, deposits, credit facilities, insurance, and FX) unless the Vendor is authorised by the Financial Conduct Authority or another competent regulator for that activity in that jurisdiction;
  • Cryptocurrency exchange or wallet services, ICOs, IDOs, and token sales unless we have given prior written approval;
  • Money services, money transmission, or anything that would require registration with HMRC or the FCA, unless properly registered and authorised.

3.6 Gambling and lotteries

  • Gambling, betting, lotteries, sweepstakes, prize draws, and skill-game services without all licences required under the Gambling Act 2005 and the laws of every jurisdiction in which the Service is offered;
  • Loot boxes and randomised digital-item sales targeted at minors, or that fail to disclose odds where law requires it.

3.7 Harmful or exploitative content

  • Child sexual abuse material; any sexual content involving minors; non-consensual intimate imagery;
  • Content that promotes, glorifies, or incites terrorism or violent extremism;
  • Content that promotes self-harm, suicide, or eating disorders other than for clinical, harm-reduction, or recovery purposes by recognised organisations;
  • Hate speech, content that incites hatred or discrimination based on race, religion, sex, sexual orientation, gender identity, disability, or other protected characteristic;
  • Doxxing, stalkerware, harassment, or content designed to enable abuse of identifiable individuals.

3.8 Animals and wildlife

  • Live vertebrate animals sold online to consumers in jurisdictions where this is restricted (in the UK, see the Animal Welfare (Licensing of Activities Involving Animals) (England) Regulations 2018);
  • Endangered species, parts, or products restricted by CITES, the Control of Trade in Endangered Species (Enforcement) Regulations 2018, and the Ivory Act 2018.

3.9 Other prohibited items

  • Human organs, blood, or tissue except where lawful and properly regulated;
  • Human remains;
  • Personal data sets, identity documents, credentials, and account credentials;
  • Tools, software, or services whose primary purpose is to circumvent computer security, copyright protection, or anti-cheat systems;
  • Pyramid schemes, chain letters, multi-level marketing structures that are unlawful in any jurisdiction in which they are offered;
  • Goods or services that promote or facilitate fraud, including fake reviews, follower-farming, engagement manipulation, or identity-spoofing services.

3.10 Sanctions and export control

You must not use the Service to deal with any person or entity, in or for any jurisdiction, that is subject to UK, EU, US, or UN sanctions, or to export anything subject to UK export control without the required licence. You are responsible for screening your Customers and counterparties against the relevant sanctions lists.

4. Prohibited Data Categories

The Service is not designed to process the following categories of data, and you must not upload them to your Vendor Account or your Storefront:

  • Health information that is regulated under specific health-data laws, including NHS-controlled patient data and data subject to HIPAA in the United States;
  • Government-classified information, national security material, or anything subject to the UK’s Official Secrets regime;
  • Full payment card numbers (including the PAN) in any field outside the integrated payment processor — the Service is not PCI-DSS Level 1 storage and you must not store cardholder data;
  • Special category personal data (Article 9 UK GDPR) or criminal conviction data (Article 10 UK GDPR) unless you have notified us in writing in advance and we have confirmed that the proposed use is supported.

5. Prohibited Platform Behaviour

You must not, and must not let anyone using your Vendor Account:

  • Send spam, unsolicited bulk email or SMS, or any electronic communication that breaches the Privacy and Electronic Communications Regulations 2003 or equivalent laws in the recipient’s jurisdiction;
  • Engage in phishing, smishing, or any deceptive communication designed to obtain credentials or financial information;
  • Distribute malware, ransomware, spyware, viruses, worms, or any other harmful or disruptive code;
  • Attempt to interfere with, overload, disable, degrade, or impair the Service or any other vendor’s Storefront;
  • Attempt unauthorised access to any part of the Service, any other Vendor Account, or any system, network, or data connected to the Service;
  • Use crawlers, scrapers, or other automated means to collect data from the Service or any Storefront beyond what we expressly permit in the API documentation or in a signed agreement;
  • Reverse engineer, decompile, or disassemble any component of the Service except to the limited extent permitted by law;
  • Circumvent rate limits, usage limits, or other technical measures, or use multiple Vendor Accounts to do so;
  • Manipulate search rankings, ratings, reviews, or other trust signals, on the Service or on third-party platforms, through deception, automated activity, or paid-for fake content;
  • Use the Service to impersonate any person, business, or brand without authority;
  • Use the Service to host or distribute content that would constitute illegal content under the Online Safety Act 2023 (where that Act applies);
  • Use the Service or any data made available through the Service to train, fine-tune, or develop any machine learning model or artificial intelligence system without our prior written consent.

6. Storefront-Specific Requirements

If you operate a Storefront on the Service, you must:

  • Publish your full trader information, contact details, and complaints route, as required by the Companies Act 2006, the Electronic Commerce (EC Directive) Regulations 2002, and the Provision of Services Regulations 2009;
  • Publish accurate product descriptions, pricing (VAT-inclusive where applicable), delivery information, and returns information that comply with consumer protection law in the buyer’s jurisdiction (including the Consumer Rights Act 2015 and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 in the UK);
  • Publish a privacy notice that complies with Articles 13 and 14 UK GDPR and a cookie notice that complies with PECR;
  • Honour data subject rights and respond to data subject requests within the time limits set by law;
  • Operate effective age verification where you sell age-restricted goods;
  • Handle complaints, returns, and refunds in line with the law and with your own published policies.

7. Developers, Themes, Plugins, and User-Generated Content

If you publish a theme, plugin, or app on Orbit Commerce, or if your Storefront accepts user-generated content (for example, customer reviews, comments, or uploaded media), you must:

  • Operate a clear, accessible mechanism for users and third parties to report content they consider illegal, harmful, or infringing;
  • Action valid takedown requests promptly and in line with the Copyright and Takedown Policy;
  • Comply with content-moderation obligations under the Online Safety Act 2023 where they apply to you;
  • Comply with all obligations in the Partner Program Agreement and the API documentation.

8. Reporting Suspected Breaches

If you become aware of activity on the Service that you believe breaches this AUP, or that is illegal, please report it to:

General trust and safety reports: support@orbitcommerce.net

Intellectual property and copyright: use the form at /copyright

Child safety (urgent): support@orbitcommerce.net

Security vulnerabilities: support@orbitcommerce.net

We will investigate credible reports and act in line with section 9. We may also report content or activity to the police, the National Crime Agency, the Internet Watch Foundation, Ofcom, the ICO, HMRC, the FCA, or any other competent authority where the law requires it or where we consider it appropriate.

9. Enforcement

Where we reasonably believe that the AUP has been breached, we may take any of the following actions, alone or in combination, proportionate to the seriousness of the breach:

  • Notice and cure: notify you of the issue and give you a reasonable opportunity to fix it within a specified period;
  • Content removal: remove or restrict access to specific Vendor Content, listings, themes, plugins, or pages;
  • Feature restriction: disable specific features (for example, checkout, email sending, API access) until the issue is resolved;
  • Suspension: suspend your Vendor Account in accordance with section 21 of the Terms of Service;
  • Termination: terminate your Vendor Account in accordance with section 22 of the Terms of Service;
  • Reporting: report the activity to the relevant law enforcement authority, regulator, or rights holder.

For serious, urgent, or repeated breaches (in particular: child safety issues, terrorism content, sanctions exposure, sale of prohibited products, or a credible threat to the security of the Service or to other vendors), we may suspend or terminate without prior notice and notify you afterwards.

10. Appeals

If we take enforcement action against your Vendor Account, you may appeal in writing to support@orbitcommerce.net within thirty (30) days of the action. Your appeal should set out the action you are appealing, the basis on which you consider it was wrong, and any evidence you wish us to consider. We will acknowledge your appeal within five (5) business days and aim to give a final decision within thirty (30) days of receipt. The right to appeal does not pause the enforcement action.

11. Updates

We may update this AUP from time to time to reflect changes in law, regulator guidance, threats, or platform features. Material changes will be notified in accordance with section 3 of the Terms of Service. Continued use of the Service after an update constitutes acceptance of the updated AUP.

Contact

Orbit Technologies Limited (trading as Orbit Commerce)

Registered office: 2-6 Abington Square, Northampton, England, NN1 4AA

Trust and safety: support@orbitcommerce.net