GET A DEMO

Acceptable use policy

Effective Date: 9 April 2026

Last Updated: 9 April 2026

Version: 1.0

01 Introduction

1.1 Purpose

This Acceptable Use Policy ("AUP") sets out the rules and conditions governing the use of the Smart Core platform and services provided by Vanti Ltd (Company No. 00650255), trading as "Smart Core" ("Vanti", "we", "us", or "our").

This AUP applies to all users of the Smart Core platform, including Customer administrators, Authorised Users, and any person accessing the Services through Customer's account (collectively, "Users").

1.2 Incorporation

This AUP forms part of, and is incorporated into, the Terms of Service between Vanti and the Customer. Capitalised terms not defined herein have the meanings given in the Terms of Service.

02 Permitted use

2.1 Authorised Purposes

The Smart Core platform may be used for the following purposes:

a) managing and monitoring building systems, including HVAC, lighting, access control, energy management, and environmental monitoring;

b) viewing and analysing building performance data, dashboards, and reports;

c) configuring automation rules and alerts;

d) managing building access for occupants, visitors, and service providers;

e) integrating with authorised third-party building systems and IoT devices;

f) administering user accounts and permissions;

g) using the Smart Core APIs in accordance with the API documentation and any rate limits; and

h) any other purpose expressly authorised in the applicable Order Form.

2.2 Compliance

Users shall use the Services in compliance with:

a) all applicable laws and regulations, including Data Protection Laws, the Computer Misuse Act 1990, and health and safety legislation;

b) the Terms of Service, Data Processing Agreement (DPA) and this AUP;

c) the Documentation and any usage guidelines provided by Vanti; and

d) any additional policies or instructions issued by the Customer.

03 Prohibited activities

3.1 General Prohibitions

Users shall NOT:

a) use the Services for any purpose other than the lawful management and operation of buildings and facilities;

b) access or attempt to access the Services, accounts, systems, or networks not authorised for that User;

c) share login credentials or permit unauthorised persons to access the Services;

d) interfere with or disrupt the Services, servers, or networks connected to the Services;

e) introduce Malicious Code (viruses, worms, trojans, ransomware, or other harmful software) into the Services;

f) attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code of the Services (except to the extent expressly permitted by law, or where the source code is provided under an OpenSource agreement);

g) copy, modify, create derivative works of, or distribute the Services or Documentation (except as expressly authorised);

h) use the Services to develop a competing product or service;

i) remove, alter, or obscure any proprietary notices or branding in the Services;

j) sell, resell, sublicense, or provide access to the Services to any third party without Vanti's prior written consent.

3.2 Security Prohibitions

Users shall NOT:

a) conduct vulnerability scanning, penetration testing, or security assessments of the Services without giving prior written notice to Vanti;

b) attempt to breach any security or authentication measures;

c) attempt to access data not intended for that User or access systems or accounts that the User is not authorised to access;

d) use the Services to conduct denial-of-service attacks or generate excessive load that degrades service for other users;

e) intercept, monitor, or attempt to intercept network traffic not intended for that User;

f) use automated tools (bots, scrapers, crawlers) to access the Services except through the documented APIs and within published rate limits.

3.3 Data prohibitions

Users shall NOT:

a) process Personal Data through the Services without a lawful basis or in breach of Data Protection Laws;

b) use the Services to conduct surveillance of individuals in a manner that violates their rights;

c) use occupancy tracking, access control, or ANPR data for purposes other than building management, security, and safety;

d) use the Services to discriminate against any individual on the basis of protected characteristics;

e) upload, transmit, or store any data that is unlawful, defamatory, or infringing;

f) export data from the Services in breach of applicable export control laws.

3.4 IoT and Device Prohibitions

Users shall NOT:

a) connect devices to the Smart Core platform that are not authorised by the Customer;

b) configure automation rules that could endanger the health or safety of building occupants;

c) override safety interlocks or emergency systems through the platform;

d) use the platform to control devices in a manner that could cause property damage;

e) tamper with or physically interfere with IoT devices, sensors, or controllers connected to the platform.

04 API and integration use

4.1 API Access

Users accessing the Smart Core APIs shall:

a) comply with the API documentation and any published rate limits;

b) authenticate all API requests using valid credentials;

c) not share API keys or tokens with unauthorised parties;

d) not use the API to extract data for purposes other than those authorised under the Terms of Service;

e) implement appropriate error handling and backoff strategies; and

f) keep API client libraries and dependencies up to date.

4.2 Rate Limits

Vanti may impose rate limits on API access to ensure fair use and platform stability. Users who exceed rate limits may have API access temporarily restricted.

4.3 Integrations

Customer-developed integrations with the Smart Core platform shall:

a) use only documented and supported APIs;

b) not circumvent authentication or authorisation controls;

c) handle Personal Data in accordance with Data Protection Laws and the DPA; and

d) be maintained and updated by the Customer.

05 Account security

5.1 Responsibilities

Users are responsible for:

a) maintaining the confidentiality and complexity of their login credentials;

b) enabling multi-factor authentication where available and required by Customer policy;

c) immediately reporting any suspected or actual security breach to their Customer administrator and to Vanti at security@vanti.co.uk;

d) logging out of shared or public devices after use; and

e) not using the same password for the Smart Core platform as for other services.

5.2 Account Hygiene

Customer administrators shall:

a) promptly disable or remove accounts of users who no longer require access;

b) conduct periodic reviews of user access rights;

c) assign the minimum necessary permissions to each user (principle of least privilege); and

d) maintain accurate records of Authorised Users.

06 Monitoring and enforcement

6.1 Monitoring

Vanti reserves the right to monitor use of the Services at a system level to:

a) ensure compliance with this AUP and the Terms of Service;

b) protect the security and integrity of the Services;

c) respond to support requests and incidents;

d) maintain and improve product quality, including through aggregated usage analytics and session-level product analysis; and

e) comply with legal obligations.

Scope of monitoring

Monitoring covers system performance metrics, security events, authentication activity, API usage patterns, and platform interaction data (pages accessed, features used, error states). By the nature of the Services, Vanti's product and support teams may access Customer Data during the normal course of service delivery, troubleshooting, and product improvement. However, Vanti does not use monitoring to track or profile individual user behaviour for purposes unrelated to service delivery. Monitoring activities are conducted in accordance with our Privacy Policy.

6.2 Enforcement

If Vanti reasonably determines that a User has violated this AUP, Vanti may:

a) issue a written warning to the Customer;

b) temporarily suspend the offending User's access;

c) temporarily suspend Customer's access to the Services in whole or in part;

d) permanently terminate access in cases of serious or repeated violations;

e) report illegal activity to the relevant authorities.

6.3 Notice

Except in cases of imminent security risk, Vanti shall provide the Customer with reasonable notice before taking enforcement action and shall cooperate with the Customer to resolve the issue.

07 Reporting violations

Users should report suspected violations of this AUP to:

 Customer's administrator (first point of contact)

 Vanti Security Team: security@vanti.co.uk

 Vanti Data Protection Officer: dpo@vanti.co.uk (for data protection concerns)

08 Changes to this policy

Vanti may update this AUP from time to time. Material changes will be notified to Customers at least thirty (30) days in advance. Continued use of the Services after the effective date of changes constitutes acceptance.

09 Contact us

For questions about this AUP, please contact:

Vanti Ltd (trading as Smart Core)

10 Bonhill St, London EC2A 4PE

Email: legal@vanti.co.uk

Acceptable use policy

Acceptable use policy

01 Introduction

1.1 Purpose

1.2 Incorporation

02 Permitted use

2.1 Authorised Purposes

2.2 Compliance

03 Prohibited activities

3.1 General Prohibitions

3.2 Security Prohibitions

3.3 Data prohibitions

3.4 IoT and Device Prohibitions

04 API and integration use

4.1 API Access

4.2 Rate Limits

4.3 Integrations

05 Account security

5.1 Responsibilities

5.2 Account Hygiene

06 Monitoring and enforcement

6.1 Monitoring

6.2 Enforcement

6.3 Notice

07 Reporting violations

08 Changes to this policy

09 Contact us

Home

Connect

BOS

Demo

Contact

Owners & Developers

Building & Space Operators

Occupiers & Tenants

Terms & Conditions

Privacy Policy

Home

Connect

BOS

Demo

Contact

Owners & Developers

Building & Space Operators

Occupiers & Tenants

Terms & Conditions

Privacy Policy

Home

Connect

BOS

Demo

Contact

Owners & Developers

Building & Space Operators

Occupiers & Tenants

Terms & Conditions

Privacy Policy