Acceptable Use Policy

1. About this Policy

This Acceptable Use Policy (“AUP”) sets out the rules of conduct on TAG Vault, the e-signing and document custody platform operated by VTAG Software Private Limited under the TAG Projects brand (“TAG Vault”, “we”, “us”). It applies to:

• every account-holder (the person or organisation that creates a TAG Vault account);
• every signer (any person who is invited to sign a document on TAG Vault, whether or not they hold an account); and
• every viewer (any person granted view-only access to a document or who uses the public verification endpoint).

This AUP is part of, and must be read with, our Terms of Service (“Terms”) and Privacy Policy. Where this AUP says something different from the Terms, the Terms control on commercial matters and this AUP controls on conduct matters. We will not lower our retention, security, or evidentiary commitments described in the Terms because of anything in this AUP.

This AUP is binding on every user from the moment they first interact with the platform, including invited signers who never create an account.

2. Documents we cannot host for electronic signature

The First Schedule of the Information Technology Act, 2000 (“IT Act”), as amended by the Ministry of Electronics and Information Technology notification dated 26 September 2022 (gazetted 4 October 2022), excludes certain documents from electronic execution. You may not upload any of the following to TAG Vault for the purpose of electronic signature:

1. Negotiable Instruments other than cheques under the Negotiable Instruments Act, 1881 (for example, promissory notes and bills of exchange). A limited carve-out exists where the donee is an entity regulated by the Reserve Bank of India, National Housing Bank, Securities and Exchange Board of India, Insurance Regulatory and Development Authority of India, or Pension Fund Regulatory and Development Authority (“BFSI-regulated entity”) — but this carve-out is intended for institutional users and is not available on the consumer flow.
2. Powers of Attorney between individuals under the Powers-of-Attorney Act, 1882. POAs where the donee is a BFSI-regulated entity remain electronically signable.
3. Trust deeds creating a trust under §3 of the Indian Trusts Act, 1882.
4. Wills and codicils as defined in §2(h) of the Indian Succession Act, 1925.

We enforce this prohibition at upload time through our document-type taxonomy. If you select one of the prohibited categories, the upload will be blocked. If you misclassify a document at upload to bypass the gate, you breach this AUP and your account is liable to suspension or termination.

If you are unsure whether a document falls into a prohibited category, please contact legal@brikbond.com before uploading.

3. Content prohibitions

Drawing on Rule 3(1)(b) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules 2021”), you may not upload, store, transmit, or share any content through TAG Vault that:

• infringes any patent, trademark, copyright, design, trade-secret, or other proprietary right of any third party;
• is obscene, pornographic, paedophilic, or invasive of any person’s privacy, including bodily privacy;
• is defamatory, libellous, or harms the reputation of any person;
• threatens the unity, integrity, sovereignty, security of India, or its friendly relations with foreign States, or public order;
• incites the commission of any cognisable offence under Indian law, or relates to or encourages money-laundering, gambling, or terrorism;
• contains software viruses, worms, ransomware, trojans, or any code or routine that compromises the integrity, availability, or security of the platform or any user device;
• is forged, contains false signatures, fictitious parties, false consideration, or any other fraudulent element;
• creates a contract for an unlawful object or unlawful consideration as defined under §23 of the Indian Contract Act, 1872 (“ICA”), and is therefore void;
• involves the sale or transfer of items or services prohibited under Indian law (including controlled substances under the Narcotic Drugs and Psychotropic Substances Act, 1985, weapons without licence under the Arms Act, 1959, or any commodity whose dealing is restricted without a regulatory licence).

This list is illustrative, not exhaustive. Anything that would be unlawful if done offline is unlawful if done through TAG Vault.

4. Conduct prohibitions

You may not, in connection with TAG Vault:

• Personal data of others. Upload, share, or otherwise process the personal data of any third party without the consent required by §6 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), or another lawful basis under §7 of the DPDP Act.
• Children’s data. Upload personal data of any person under 18 years of age in violation of §9(3) of the DPDP Act. Where a minor’s data is referenced for a legitimate purpose (for example, naming a minor as a nominee or beneficiary), you warrant that you hold verifiable parental or lawful-guardian consent.
• Spam. Use TAG Vault to send bulk messages, promotional broadcasts, or unsolicited communications. Do not use the platform to harvest email addresses, phone numbers, or other contact details for marketing.
• Reverse-engineering. Decompile, disassemble, scrape, crawl, or otherwise attempt to derive the source code, object code, or underlying ideas of TAG Vault, except to the limited extent that Indian law expressly permits and we cannot lawfully restrict.
• Bypassing controls. Circumvent or attempt to circumvent rate limits, security controls, authentication mechanisms, or access restrictions, including by using bots, headless browsers, or credential-stuffing tools.
• Credential sharing. Share your account credentials, OTP codes, refresh tokens, or session cookies with any other person. One account = one person.
• Verification endpoint misuse. Use the public POST /v1/verify endpoint for unlawful surveillance, including mass-scanning of sealed-document SHA-256 hashes for de-anonymisation, profiling, or harvesting purposes.
• Harassment. Use TAG Vault to harass, stalk, intimidate, threaten, defame, or impersonate any person, or to facilitate any of these acts.
• Account evasion. Create multiple accounts to evade a suspension, termination, or rate limit imposed on a prior account.
• Acting without authority. Use TAG Vault on behalf of another person or organisation without their authority, or sign a document on behalf of a person you are not authorised to bind.
• Misrepresentation. Misrepresent your identity, professional status, or registrations on TAG Vault. In particular, do not claim “notary” status when you are not a notary public appointed under the Notaries Act, 1952; do not claim RERA real-estate-agent registration where none exists; do not claim advocacy enrolment when not enrolled.

5. Real-estate-specific prohibitions

TAG Vault is built for real-estate workflows, and certain real-estate-specific abuses are particularly capable of harming third parties:

• Misleading registration claims. You may not upload a document that purports to register title to, or transfer interest in, immovable property and pretend that signing on TAG Vault has effected registration where registration with the Sub-Registrar under §17 of the Registration Act, 1908 has not in fact been completed. E-signing forms a contract under §10A IT Act; it does not register a document. The full disclosure on stamping and registration sits in the Terms — see “Stamping and registration are your responsibility”.
• Misuse of platform features. You may not represent the TAG Vault audit log, certificate of completion, or §63 BSA / §65B IEA evidence certificate as a notarial act, an attestation by a Sub-Registrar, or any other formal authentication that has not occurred. The certificate proves that a record was generated and sealed by TAG Vault; it does not prove notarisation, registration, or stamping.
• Stamp-duty evasion. You may not knowingly upload a document that you believe is deficient in stamp duty under the Indian Stamp Act, 1899 or the relevant State stamp law with the intent to evade duty. Stamp duty is your responsibility (see Terms); this AUP additionally prohibits using TAG Vault as a tool to defeat it.

6. AI and automated processing prohibitions

• No third-party AI training. You may not upload content to TAG Vault for the purpose of training, fine-tuning, or evaluating any third-party artificial-intelligence or machine-learning model. We do not train models on user content ourselves, and we will not host the practice on the platform either.
• No bulk-signing endpoint use. You may not use TAG Vault as an automated bulk-signing endpoint, signature-mill, or signature-as-a-service backend for a downstream product without a separate B2B agreement and a signed Data Processing Addendum with us. Contact legal@brikbond.com if this describes your use case.

7. Reporting violations

If you believe that any content or activity on TAG Vault breaches this AUP, please report it to abuse@brikbond.com. To help us act fast, please include:

• the document or envelope URL, or the envelope code;
• the SHA-256 hash where you have it (for sealed documents);
• a short description of the violation and which clause of this AUP it breaches;
• your name and contact email; and
• any supporting material (screenshots, copies of relevant rights documents for IP claims).

We acknowledge every abuse report within 24 hours of receipt.

8. Takedown and removal procedure

When we receive a valid notice of a violation, we will act within the following timelines:

For borderline cases that involve a legitimate dispute (for example, a contested intellectual-property claim or a counter-statement by the uploader), we may invite the uploader to comment before we take action. We will not invite comment, and will act immediately, where the content is plainly unlawful, plainly non-consensual sexual material, or otherwise creates a clear and present risk of harm.

If your content is removed and you believe the removal was wrong, you may use our grievance redressal mechanism (see clause 13).

9. Account suspension and termination

We apply a graduated response. Each escalation is documented in your account record, and you may dispute it under clause 13.

1. First minor violation. Written warning + removal of the offending content. No account-level penalty.
2. Second minor violation OR a single major violation. Temporary suspension of up to 30 days, with a written notice setting out the violation and the steps required to lift the suspension. During suspension, your sealed documents remain retained in S3 Object Lock COMPLIANCE storage and accessible to courts, regulators, and counterparties — only your active workflow is paused.
3. Repeat violation OR severe violation. Permanent termination of your account. Severe violations include child sexual abuse material, credible threats of violence, attempts to compromise platform security, repeat upload of the §2 hard-block documents after warning, and automated bulk-signing without authorisation.

Termination does not erase your sealed documents — they remain in 10-year retention as described in the Data Retention Policy, because that retention is a legal-obligation requirement under §7(c) read with §8(7) proviso of the DPDP Act.

You retain the right to grievance redressal at every step (see clause 13).

10. Cooperation with law enforcement

We comply with lawful directions issued under §69, §69A, §70, and §79 of the IT Act; with lawful orders of any court or tribunal of competent jurisdiction in India; and with properly served subpoenas and summons. We disclose user data only to the extent the law requires, and we keep an internal log of every disclosure. From Phase 2c onwards we plan to publish an annual transparency report summarising the volume and categories of lawful-access requests we receive.

11. §79 IT Act safe-harbour notice

TAG Vault qualifies as an “intermediary” under §79 of the IT Act read with the IT Rules 2021. We observe the due-diligence obligations set out in Rule 3, including the publication of this AUP, the appointment of a Grievance Officer, and the operation of takedown timelines. To the maximum extent permitted by law, we disclaim liability for content uploaded, transmitted, or stored by users in their capacity as users — provided that we satisfy the conditions in §79(2) and (3) of the IT Act and Rule 3 of the IT Rules 2021.

We act as an intermediary within §2(1)(w) IT Act for the storage and routing of documents you upload. The cryptographic seal we apply, the §63 BSA / §65B IEA certificate page, and the audit log are TAG Vault’s own records, which we maintain as a Data Fiduciary, not as an intermediary. The §79 safe-harbour applies to the intermediary functions; our certificate-of-completion and seal are our own evidentiary statements.

12. Indemnity

You will indemnify and hold harmless TAG Vault, VTAG Software Private Limited, TAG Projects, and their respective directors, officers, employees, and contractors from and against any third-party claim, demand, proceeding, loss, liability, damage, cost, or expense (including reasonable legal fees) arising out of or in connection with: (i) your breach of this AUP; (ii) any content you upload, transmit, or share through TAG Vault; or (iii) your use of TAG Vault in violation of any applicable law. The aggregate cap that applies to your indemnity, and the carve-outs that override the cap, are set out in the Limitation of Liability clause of the Terms.

13. Grievance Officer

In compliance with Rule 3(2)(a) of the IT Rules 2021, we have designated a Grievance Officer for AUP-related complaints. The Grievance Officer also acts as our DPDP §13 Grievance Officer for personal-data complaints and our Consumer Protection (E-Commerce) Rules 2020 Rule 4(5) Grievance Officer for consumer matters.

Grievance Officer
Vijay Sivanjan
TAG Projects (operated by VTAG Software Private Limited)
Karnataka, India
Email: grievance@brikbond.com
Email is the preferred contact method.

Service-level commitments:

• IT Rules 2021 Rule 3(2)(a): Acknowledgement within 24 hours of receipt; disposal within 15 days of receipt.
• DPDP §13 + Rule 13 (DPDP Rules 2025): Acknowledgement within 48 hours of receipt; resolution within 30 days of receipt, extensible by a further 30 days for complex matters with a reasoned written intimation.
• Consumer Protection (E-Commerce) Rules 2020 Rule 4(5): Acknowledgement within 48 hours; disposal within 1 month.

DPDP-specific grievances are acknowledged within 48 hours; the operative SLA is the shorter of the IT Rules 2021 (24 hours) or DPDP (48 hours) depending on the grievance type. Where multiple SLAs apply, the shortest SLA applies.

You may also escalate to the Data Protection Board of India under §27 of the DPDP Act, or to any court or consumer commission of competent jurisdiction. Nothing in this AUP curtails your statutory rights, and any clause that purports to oust the jurisdiction of Indian courts is void under §28 ICA.

14. Contact