Acceptable Use Policy
This Acceptable Use Policy (“AUP”) is issued by Megamax Services Pvt. Ltd. (“Megamax”, “we”, “us”, “our”) and forms part of, and is incorporated by reference into, the Terms and Conditions of Service governing the Kasturi HR Platform (the “Agreement”), together with the Privacy Policy and the Data Processing Agreement (“DPA”). Capitalised terms not defined in this AUP have the meaning given to them in the Agreement.
This AUP sets out the rules governing the Customer’s and its Authorised Users’ access to and use of the Platform. It restates and consolidates, for ease of reference, the prohibited conduct already set out in Clause 4.3 of the Agreement, and adds further operational guidance. In the event of any conflict between this AUP and Clause 4.3 of the Agreement, the Agreement shall prevail. A breach of this AUP constitutes a Material Breach of the Agreement to the same extent as a breach of Clause 4.3, with the consequences set out in Clause 4.4 of the Agreement (including immediate suspension or termination without refund, liquidated damages, and injunctive relief).
1. Purpose
This AUP exists to protect the security, integrity, and availability of the Platform, to protect the rights of other Customers and Authorised Users, and to ensure that the Platform is used only for its intended purpose as a Human Resource Management System for the Customer’s own workforce.
2. Permitted Use
The Platform may be used only for its intended purpose as an HRMS solution for managing the Customer’s own workforce, consistent with Clause 4.2 of the Agreement. Any use beyond this scope requires Megamax’s prior written consent.
3. Technical Prohibitions
The Customer and its Authorised Users shall not, and shall not permit any third party to:
- reverse engineer, decompile, disassemble, decode, or otherwise attempt to derive or access the source code, algorithms, or trade secrets underlying the Platform;
- modify, adapt, translate, or create derivative works based on the Platform or any component thereof;
- attempt to bypass, disable, or circumvent any security, access control, licence control, or authentication mechanism of the Platform;
- interfere with, disrupt, or degrade the integrity, performance, or availability of the Platform or any of its underlying infrastructure, including by introducing excessive load, denial-of-service (DoS) attacks, or similar actions;
- use any automated tool, bot, scraper, crawler, script, or robotic process automation (RPA) tool to access, extract data from, or interact with the Platform except through Megamax’s officially supported API and in strict compliance with Megamax’s API Terms of Use;
- conduct or commission any security testing, vulnerability assessment, or penetration testing (VAPT) on the Platform’s production environment without Megamax’s prior written authorisation;
- upload or introduce viruses, Trojan horses, worms, ransomware, time bombs, cancelbots, or any other malicious code or harmful software into the Platform;
- consolidate connections or use virtualisation, multiplexing, or pooling techniques to circumvent user or device limits set in the Agreement;
- use the Platform or any derived data to develop, train, or benchmark competing HRMS or AI software, consistent with Clause 7.7 of the Agreement.
4. Legal and Conduct Prohibitions
The Customer and its Authorised Users shall not:
- use the Platform for any purpose that is unlawful, fraudulent, deceptive, or in violation of any applicable law or regulation;
- upload, transmit, or make accessible through the Platform any content that infringes the Intellectual Property Rights, privacy rights, or other rights of any third party;
- impersonate any individual or entity, or misrepresent affiliation with any person or organisation;
- use the Platform to harass, stalk, threaten, or collect or store personal data about any individual without authorisation or lawful basis;
- transmit unsolicited commercial communications (spam), phishing messages, or any form of unlawful solicitation through the Platform;
- rent, lease, lend, sell, sublicense, assign, or otherwise transfer access rights to the Platform or any part thereof to any third party;
- modify, remove, or obscure any copyright notice, trademark, or other proprietary marking visible on or through the Platform;
- use the Platform to provide services to third parties in the nature of a bureau service, outsourced processing service, or service provider arrangement unless separately authorised by Megamax in writing;
- transmit content that is unlawful, defamatory, harassing, libellous, invasive of another’s privacy, abusive, threatening, harmful, vulgar, pornographic, obscene, offends religious sentiments, promotes racism, or otherwise objectionable, consistent with Clause 11 of the Agreement.
5. Credential and Account Security
Consistent with Clause 3.3 and 3.5 of the Agreement, each Authorised User must be assigned a unique login identifier. Credentials issued to one Authorised User must not be shared with or transferred to another individual. The Customer is responsible for promptly notifying Megamax at support@kasturihr.com upon discovering any actual or suspected unauthorised access to or use of its account.
6. Employee Data Responsibilities
Where the Customer uploads employee personal data to the Platform, it must comply with its obligations as Data Fiduciary under Clause 5 of the Agreement, including obtaining lawful consents and issuing privacy notices before uploading such data. Users uploading profile data must not include information they would not wish to be accessible to their employer or other authorised users of the Platform, consistent with Section 2.1(b) of the Privacy Policy.
7. Reporting Violations
Suspected violations of this AUP, including spam, abuse, or unauthorised use of the Platform, should be reported to Megamax’s compliance team at legal@megamaxservices.com with the subject line “ABUSE REPORT”, consistent with Section 14 of the Privacy Policy. Megamax reserves the right to audit consent documentation and recipient lists associated with any communications sent through the Platform.
8. Enforcement
A violation of this AUP constitutes a Material Breach of the Agreement under Clause 4.3, entitling Megamax to the remedies set out in Clause 4.4 of the Agreement, including immediate suspension or termination of access without notice or refund, liquidated damages calculated at three times the applicable annual Subscription fee for the modules concerned, and injunctive relief. Megamax may also suspend access under Clause 12.1 of the Agreement where it reasonably suspects unauthorised access, security compromise, or malicious activity.
9. Changes to This Policy
Megamax may amend this AUP from time to time in accordance with Clause 19 of the Agreement. The revised AUP will be published on the Platform with an updated “Last Updated” date. Continued use of the Platform following the effective date of any revision constitutes acceptance of the revised AUP.
Contact
Questions regarding this AUP should be directed to support@kasturihr.com or, for compliance and regulatory matters, legal@megamaxservices.com.


