Acceptable Use Policy

Last updated: 1 July 2026

This policy applies to everyone who uses CoursePay. Breaching it can lead to suspension or termination without refund.

You must not

  • Use the platform for anything illegal, fraudulent or that infringes third-party rights.
  • Invoice for goods or services you have not provided or do not intend to provide.
  • Send messages to students that are harassing, deceptive, or unrelated to their enrolment.
  • Use the platform to send unsolicited marketing (spam) to any recipient.
  • Attempt to bypass authentication, rate limits, or Row-Level Security.
  • Probe, scan, or load-test the service without prior written permission (see below).
  • Upload malware, run cryptomining, or attempt to enumerate other tenants' data.
  • Store special-category personal data (health, religion, etc.) or payment card numbers in free-text fields.

You must

  • Keep your account credentials confidential and use MFA where available.
  • Have a lawful basis under UK GDPR for uploading student data.
  • Honour refund and cancellation obligations you owe to your students.
  • Tell us promptly if you suspect a security incident or unauthorised access.

Reporting abuse

To report abuse of the platform or of your data by another user, email abuse@coursepay.co. Security-vulnerability reports should go to security@coursepay.co. We will respond to good-faith reports and will not pursue researchers who follow responsible-disclosure principles.

Questions? Email hello@coursepay.co.