Acceptable Use Policy
Last updated: 1 July 2026
This policy applies to everyone who uses CoursePay. Breaching it can lead to suspension or termination without refund.
You must not
- Use the platform for anything illegal, fraudulent or that infringes third-party rights.
- Invoice for goods or services you have not provided or do not intend to provide.
- Send messages to students that are harassing, deceptive, or unrelated to their enrolment.
- Use the platform to send unsolicited marketing (spam) to any recipient.
- Attempt to bypass authentication, rate limits, or Row-Level Security.
- Probe, scan, or load-test the service without prior written permission (see below).
- Upload malware, run cryptomining, or attempt to enumerate other tenants' data.
- Store special-category personal data (health, religion, etc.) or payment card numbers in free-text fields.
You must
- Keep your account credentials confidential and use MFA where available.
- Have a lawful basis under UK GDPR for uploading student data.
- Honour refund and cancellation obligations you owe to your students.
- Tell us promptly if you suspect a security incident or unauthorised access.
Reporting abuse
To report abuse of the platform or of your data by another user, email abuse@coursepay.co. Security-vulnerability reports should go to security@coursepay.co. We will respond to good-faith reports and will not pursue researchers who follow responsible-disclosure principles.
Questions? Email hello@coursepay.co.
