This Acceptable Use Policy forms part of the binding Terms of Service between Credwave Limited and any person or entity who uses our communication services, applications, or platforms.

By using our Services, you agree to comply with this Policy. Breach of this Policy may result in suspension or termination of your account, legal action, or other corrective measures as deemed appropriate by Credwave.

1. Purpose and Scope

The purpose of this Acceptable Use Policy is to ensure that the Services provided by Credwave are used in a lawful, responsible, and secure manner. The Policy defines standards of acceptable use and prohibits activities that could harm Credwave, our users, or the integrity of our systems and networks.

This Policy applies to all users of Credwave’s Services, including employees, contractors, clients, and third-party partners. It covers all use of our platforms, networks, communication channels, APIs, and related digital infrastructure, whether accessed directly or through integrated systems.

2. Lawful and Responsible Use

All users must use the Services in full compliance with applicable laws and regulations, including but not limited to the Kenya Information and Communications Act, the Kenya Data Protection Act (2019), the Computer Misuse and Cybercrimes Act (2018), and any relevant international standards such as the EU General Data Protection Regulation (GDPR) where applicable.

Users must ensure that their activities do not infringe upon the intellectual property rights, privacy, or data protection rights of others. The Services must not be used for any unlawful purpose, including fraud, identity theft, harassment, or dissemination of prohibited content.

3. Prohibited Conduct

You must not use the Services to transmit, store, or distribute any material that is unlawful, abusive, defamatory, obscene, fraudulent, deceptive, or otherwise objectionable. Specifically, the following activities are strictly prohibited:

  • Engaging in or promoting illegal, immoral, or unethical activities.
  • Transmitting spam, unsolicited communications, or deceptive advertising.
  • Uploading or sharing content that is violent, pornographic, discriminatory, or incites hatred.
  • Using our Services to harass, threaten, or intimidate individuals or organizations.
  • Attempting to gain unauthorized access to systems, networks, or data.
  • Introducing or distributing malicious software, including viruses, worms, or spyware.
  • Misrepresenting the origin or authenticity of messages, emails, or calls.
  • Using our systems to facilitate phishing, fraud, or data theft.
  • Engaging in activities that could damage Credwave’s reputation or compromise service integrity.

4. Network and System Integrity

Users must not interfere with the performance or security of Credwave’s networks, systems, or Services. This includes attempts to bypass authentication controls, exploit system vulnerabilities, or overload network resources.

All users must take reasonable precautions to secure their accounts and devices, including using strong passwords, implementing access controls, and maintaining up-to-date security software. Any suspected breach or security incident must be reported immediately to Credwave.

5. Communication and Messaging Standards

All communications sent through Credwave’s platform, whether by SMS, email, voice, or USSD, must be lawful, transparent, and consent-based.

Users are required to obtain verifiable consent (opt-in) from recipients before sending promotional or marketing messages. Each marketing message must contain a clear and accessible mechanism for recipients to unsubscribe or opt out from future communications.

Credwave strictly prohibits the use of purchased, rented, or harvested contact lists. Users must maintain accurate records of all consent obtained and provide evidence of such consent when requested.

Messages must clearly identify the sender and must not mislead recipients regarding the identity or purpose of the communication. Use of misleading sender IDs or falsified routing information is prohibited.

6. Use of APIs and Technical Services

All integrations and use of Credwave’s Application Programming Interfaces (APIs) must comply with the technical documentation and security requirements provided. Users must not use the APIs in any manner that disrupts the performance of the Services, exposes vulnerabilities, or breaches security standards.

API credentials and authentication keys must be kept secure and must not be shared or exposed to unauthorized individuals. Abuse or misuse of APIs, including excessive automated requests or attempts to reverse-engineer system functionality, is strictly prohibited.

7. Data Protection and Confidentiality

All users must adhere to data protection and privacy principles when handling personal data. Personal data collected, processed, or transmitted through the Services must be used only for lawful and declared purposes, in accordance with the Kenya Data Protection Act (2019) and, where applicable, the GDPR.

Users must ensure that data is collected with proper consent, stored securely, and not shared with third parties without authorization. Any breach of data confidentiality, unauthorized disclosure, or misuse of information is a serious violation of this Policy and may result in termination of access and legal action.

8. Partner and Third-Party Obligations

All Credwave partners, vendors, and affiliates are required to adhere to this Acceptable Use Policy and related contractual terms. Partners must not engage in practices that could cause Credwave or its clients to violate applicable laws or regulatory requirements.

Credwave reserves the right to audit and monitor partner activities to ensure compliance. Partners who fail to uphold these obligations may face suspension, termination, or legal consequences.

9. Prohibited Use of Communication Channels

Credwave’s communication channels (including voice, SMS, email, and USSD) must not be used for any of the following purposes:

  • Dissemination of gambling, betting, or gaming advertisements without regulatory approval.
  • Fraudulent or misleading calls, including caller ID spoofing or number masking.
  • Transmission of political, religious or advocacy messages without proper authorization.
  • Distribution of content targeting minors or exploiting vulnerable individuals.

Users of short code and premium-rate services must ensure that all content is transparent, lawful, and fully compliant with the Communications Authority of Kenya (CAK) and Betting Control and Licensing Board (BCLB) regulations, where applicable.

10. Enforcement and Consequences of Non-Compliance

Credwave reserves the right to investigate any reported violation of this Policy. If a breach is confirmed, Credwave may take one or more of the following actions:

  • Issue a written warning or request corrective action.
  • Suspend or terminate user accounts or services without prior notice.
  • Impose administrative penalties or recover costs incurred as a result of the violation.
  • Report unlawful activities to relevant authorities or regulators.
  • Pursue legal remedies where necessary.

Users are responsible for all actions carried out using their accounts and must indemnify Credwave against any loss, damage, or legal liability resulting from misuse of the Services.

11. Notification and Dispute Resolution

In the event of an alleged breach, Credwave will notify the user in writing, outlining the nature of the violation and the corrective actions required. The user may respond or appeal within seventy-two (72) hours. Failure to respond within the stipulated timeframe may result in escalation or service suspension.

Disputes arising from the enforcement of this Policy shall be resolved in accordance with the dispute resolution provisions contained in the applicable Terms of Service or Agreement with Credwave.

12. Review and Updates

Credwave may amend this Policy from time to time to reflect changes in technology, regulations, or operational requirements. Any material updates will be communicated via our website, and changes will take effect thirty (30) days after publication. Continued use of the Services after this period constitutes acceptance of the revised Policy.

13. Contact Information

For questions, clarifications, or to report a potential violation of this Policy, please contact:

info@credwave.com

Credwave Limited is committed to promoting ethical, secure, and lawful use of its technology. All users are expected to adhere to the highest standards of integrity and responsibility when accessing or using our Services.