Skip to content
Connect by Vinpro

Legal

Acceptable Use Policy

Connect by Vinpro / Vinpro Global Services LLC / Vinpro Global Services Pvt Ltd and applicable Indian associate companies

Effective Date: [1st June 2026] | Last Updated: [1st June 2026]

This recommended revised version is intended to replace the current short working draft after internal and legal approval. Remove this note and the footer draft wording before publication.

1. Introduction and Scope

This Acceptable Use Policy ("AUP") sets out the rules that apply when you access or use the Connect by Vinpro website, portals, HRMS, payroll, EOR, staffing, recruitment, compliance-support, support, application, API, integration, documentation, file-upload, communication, automation, AI-assistant, and related services (together, the "Services").

This AUP applies to website visitors, prospective customers, customers, customer administrators, authorised users, employees, EOR workers, candidates, contractors, consultants, vendors, and any other person or organisation that accesses or uses the Services ("you" or "Users").

By accessing or using the Services, you agree to comply with this AUP. If you use the Services on behalf of an organisation, you are responsible for ensuring that your authorised users, employees, contractors, agents, and representatives comply with this AUP.

2. Responsible Vinpro Entities

For purposes of this AUP, "Vinpro", "Connect by Vinpro", "we", "our", or "us" refers to the relevant Vinpro entity responsible for the applicable service, processing activity, or customer relationship. Unless a signed agreement states otherwise, the following allocation applies:

Entity

Relevant activities

Vinpro Global Services LLC

Customer billing, contracts, invoicing, payment records, customer account administration, and related commercial administration.

Vinpro Global Services Pvt Ltd and applicable Vinpro associate companies in India

Website enquiries, India EOR worker interactions, HRMS portal operations, India service delivery, payroll and workforce operations in India, and related operational administration.

If your signed order form, master services agreement, employment agreement, statement of work, data processing agreement, or other written agreement names a different Vinpro entity or contains more specific terms, that agreement will control for the relevant service or relationship.

3. Relationship with Other Legal Documents

This AUP supplements and should be read together with our Terms of Service, Privacy Policy, Cookie Policy, Data Processing Agreement, Security Overview, Sub-processor list, and any applicable signed customer or employment agreement. If there is a conflict between this AUP and a signed agreement with Vinpro, the signed agreement will prevail to the extent of the conflict.

This AUP does not grant any additional rights to use the Services beyond those granted in your applicable agreement, order form, account invitation, employment arrangement, or authorised access instructions.

4. Authorised Access and Account Security

You must:

use the Services only through authorised accounts, approved access channels, and permitted integrations;

provide accurate, current, and complete account, billing, workforce, payroll, and contact information;

keep usernames, passwords, API keys, access tokens, MFA devices, and other credentials confidential and secure;

use reasonable security controls, including strong passwords and multi-factor authentication where available or required;

promptly update or remove user access when a person leaves your organisation, changes role, no longer requires access, or should no longer see specific data;

promptly notify Vinpro of suspected credential compromise, unauthorised access, misdirected data, security incidents, or misuse of the Services; and

ensure that each user accesses only the data and functionality that they are authorised to access.

You must not:

share accounts or credentials, except through approved delegated-access features;

impersonate another person or organisation, misrepresent your authority, or create accounts using false or misleading information;

circumvent access controls, approvals, permission levels, rate limits, usage limits, security controls, or billing controls;

allow unauthorised third parties to access the Services, including through shared screens, exported reports, unattended sessions, or unsecured devices; or

use the Services after your authorisation, customer relationship, employment relationship, or contractual right of access has ended.

5. Customer, Workforce, and Personal Data Responsibilities

Many Vinpro services involve payroll, HRMS, staffing, candidate, employee, contractor, EOR, tax, statutory, financial, identification, and other workforce-related information. You are responsible for ensuring that any data, documents, instructions, prompts, files, or content that you submit to the Services ("Customer Data") are lawful, accurate, necessary, authorised, and appropriate for the relevant service.

You must:

have a lawful basis, valid authority, and all required notices, consents, contracts, and approvals before uploading or instructing Vinpro to process personal data;

submit only personal data that is necessary for the applicable service, role, payroll instruction, employment process, compliance obligation, support request, or integration;

ensure that employee, contractor, candidate, payroll, tax, bank, attendance, leave, reimbursement, benefits, and statutory information is accurate and updated promptly;

use approved workflows and secure channels when submitting government IDs, bank details, tax information, health or benefits information, dependent information, children's information, or other sensitive data;

avoid submitting special category, sensitive, biometric, health, union, religious, caste, political, criminal-offence, dependent, child, or similar higher-risk data unless it is strictly necessary, lawful, and authorised;

respect applicable U.S., UK, Indian, and other relevant privacy, employment, tax, wage, social-security, anti-discrimination, anti-harassment, anti-spam, cybersecurity, anti-corruption, sanctions, and intellectual-property laws; and

cooperate with Vinpro in responding to data-subject, Data Principal, employee, regulator, law-enforcement, security, payroll, statutory, or employment-related requests where legally required or contractually agreed.

6. Prohibited Uses

You must not use, encourage, facilitate, or allow others to use the Services for any activity described below. The examples are not exhaustive. Vinpro may treat similar or related conduct as a violation where it creates legal, security, operational, privacy, employment, reputational, or platform-integrity risk.

6.1 Illegal, Fraudulent, or Harmful Activity

violating any applicable law, regulation, court order, government direction, contractual obligation, professional obligation, or third-party right;

fraud, deception, misrepresentation, identity theft, forgery, document falsification, fake employment records, fake invoices, fake reimbursement claims, fake payslips, or manipulation of payroll, attendance, leave, tax, or statutory records;

bribery, corruption, money laundering, terrorist financing, sanctions violations, export-control violations, human trafficking, forced labour, child labour, or unlawful recruitment practices;

unlawful discrimination, harassment, retaliation, intimidation, abuse, exploitation, unsafe work instructions, or conduct that violates employment, labour, wage, benefits, tax, immigration, or workplace-safety obligations;

circumventing employee rights, statutory contributions, payroll taxes, withholding obligations, benefit obligations, work-authorisation requirements, or legal processes; or

using the Services to support an unlawful, deceptive, abusive, or harmful business model.

6.2 Security, Network, and Platform Abuse

introducing malware, ransomware, spyware, viruses, worms, trojans, malicious scripts, harmful code, corrupted files, or unauthorised software;

probing, scanning, penetration testing, vulnerability testing, load testing, stress testing, or security testing without Vinpro's prior written permission;

credential stuffing, password spraying, brute forcing, phishing, social engineering, session hijacking, token theft, API-key abuse, or unauthorised attempts to access systems or data;

interfering with or disrupting the Services, infrastructure, networks, APIs, databases, integrations, third-party providers, or other users;

bypassing authentication, authorisation, encryption, logging, monitoring, throttling, rate limits, CAPTCHAs, security controls, feature restrictions, or usage controls;

deploying bots, scrapers, crawlers, automation, or high-volume requests that degrade service, bypass controls, harvest data, or exceed permitted use;

using the Services for crypto-mining, spam relays, botnets, command-and-control activity, denial-of-service attacks, or attacks against third parties;

attempting to discover, extract, expose, or misuse source code, secrets, API keys, system prompts, model configurations, credentials, private keys, tokens, or non-public technical information; or

failing to notify Vinpro promptly of suspected security incidents, compromised accounts, unauthorised access, or exposed data.

6.3 Abusive Communications and Content

sending spam, phishing, spoofed communications, unsolicited bulk messages, deceptive messages, malicious links, fake invoices, social-engineering messages, or illegal marketing communications;

uploading, generating, transmitting, storing, or distributing unlawful, defamatory, obscene, hateful, discriminatory, harassing, threatening, exploitative, violent, abusive, invasive, or otherwise harmful content;

uploading or sharing content that exploits or endangers children or vulnerable individuals;

infringing intellectual-property rights, publicity rights, privacy rights, confidentiality obligations, trade secrets, or contractual restrictions;

publishing another person's personal data, confidential information, credentials, bank details, government IDs, payslips, employment records, medical information, tax details, or private communications without proper authority;

misrepresenting Vinpro, our customers, workers, candidates, partners, services, certifications, approvals, pricing, or legal/compliance capabilities; or

using the Services to harass, monitor, track, profile, or surveil employees, candidates, contractors, customers, or other individuals in a manner that is unlawful, excessive, undisclosed, or unauthorised.

6.4 Personal Data and Confidential Information Misuse

collecting, uploading, accessing, using, disclosing, exporting, selling, sharing, or otherwise processing personal data without lawful basis, authority, notice, consent, or contractual permission where required;

using workforce, payroll, HRMS, candidate, or EOR data for unrelated advertising, profiling, resale, enrichment, data brokerage, or purposes not authorised by the applicable customer, worker, candidate, agreement, or law;

re-identifying de-identified, aggregated, anonymised, or pseudonymised data without permission;

scraping, harvesting, extracting, or compiling personal data from the Services, users, workers, candidates, or website visitors;

submitting excessive, irrelevant, outdated, inaccurate, misleading, or unlawfully obtained personal data;

placing payroll data, bank data, tax IDs, national IDs, health information, background-check information, dependent data, or confidential customer data into public website forms, the public AI assistant, unapproved emails, or other channels not intended for that data; or

failing to apply appropriate access restrictions, retention controls, deletion instructions, incident reporting, or data-export controls for data you manage through the Services.

6.5 Intellectual Property, Confidentiality, and Competitive Misuse

copying, modifying, reverse engineering, decompiling, disassembling, or attempting to derive the source code, underlying models, architecture, algorithms, workflows, or non-public components of the Services except where expressly permitted by law;

removing, obscuring, or altering proprietary notices, trademarks, copyright notices, branding, or confidentiality legends;

using Vinpro content, documentation, outputs, templates, or user-interface elements to build, train, improve, benchmark, or market a competing product or service without written permission;

benchmarking, load testing, or publishing performance, security, uptime, AI-output, or feature comparisons without Vinpro's prior written permission; or

misusing Vinpro names, trademarks, logos, domain names, service names, testimonials, customer names, or partner names.

7. Service-Specific Requirements

7.1 HRMS, Payroll, Attendance, Leave, Reimbursement, and Workforce Management

When using HRMS, payroll, attendance, leave, reimbursement, benefits, statutory, reporting, or workforce-management features, you must not:

enter false, incomplete, misleading, backdated, manipulated, or unauthorised payroll, attendance, leave, salary, benefit, tax, bank, statutory, reimbursement, or employment information;

approve or instruct payments, deductions, reimbursements, allowances, benefits, tax treatment, statutory filings, terminations, or employment changes without proper authority and supporting documentation;

bypass maker-checker, approval, audit, or segregation-of-duty controls;

misclassify workers, avoid required payroll taxes or statutory contributions, or use the Services to avoid labour, wage, social-security, tax, immigration, or benefits obligations;

upload counterfeit, altered, or unlawfully obtained identity, address, tax, bank, education, experience, immigration, background-check, or employment documents;

use HRMS data for unlawful monitoring, discrimination, harassment, retaliation, or employment decisions without required human review and legal compliance; or

export or share reports containing personal data except with authorised recipients and appropriate safeguards.

7.2 Employer of Record (EOR), Staffing, Recruitment, and Candidate Services

When using EOR, staffing, recruitment, onboarding, compliance-support, or related worker services, you must not:

represent that an EOR worker, candidate, employee, contractor, or consultant has a role, status, compensation, location, authorisation, benefit, reporting line, or employment arrangement that is not accurate;

direct, pressure, or require EOR workers, employees, candidates, or contractors to violate law, employment documents, workplace policies, security rules, confidentiality obligations, working-time rules, health-and-safety rules, or Vinpro instructions;

charge unlawful recruitment fees to candidates, withhold documents unlawfully, require unlawful deposits, or engage in exploitative or misleading recruitment practices;

submit unlawful job requirements, discriminatory selection criteria, harassing communications, misleading job descriptions, or unauthorised background-check requests;

use the EOR service to create sham employment, avoid immigration or tax law, misstate the place of work, hide a permanent establishment risk, or conceal the true nature of a working arrangement; or

terminate, discipline, suspend, change pay, change role, relocate, or materially alter work conditions for an EOR worker except through approved processes and as permitted by applicable law and agreements.

7.3 AI Assistant, Automation, Templates, and System Outputs

The public AI assistant, currently known as Neo, is provided for general information about Vinpro and our services. The public assistant is not intended to access customer or employee records and should not be used as a channel for submitting confidential, personal, payroll, statutory, banking, government-ID, health, dependent, child, or sensitive workforce data.

You must not:

attempt to jailbreak, override, manipulate, or bypass AI, automation, workflow, content, safety, security, or access controls;

attempt to extract system prompts, hidden instructions, training data, model weights, secrets, keys, confidential information, customer data, employee data, or non-public technical information;

submit unlawful, harmful, infringing, confidential, sensitive, or personal data to the AI assistant unless the relevant interface is expressly designed for that purpose and your agreement authorises it;

use AI or automated outputs as legal, tax, accounting, employment, immigration, payroll, financial, or professional advice;

use AI or automated outputs as the sole basis for decisions that materially affect employees, candidates, contractors, customers, or other individuals without appropriate human review, lawful basis, notice, and safeguards;

generate phishing, malware, credential-harvesting, evasion, social-engineering, harassment, discriminatory, deceptive, or unlawful content; or

represent AI-generated content, template outputs, payroll illustrations, calculators, compliance summaries, or automated reports as final, verified, professional, legal, tax, or regulatory advice unless expressly confirmed in writing by authorised Vinpro personnel or qualified professionals under an applicable engagement.

7.4 APIs, Integrations, Imports, and Exports

When using APIs, integrations, bulk uploads, imports, exports, webhooks, or data connectors, you must:

use only authorised, documented, and supported methods of access;

protect API keys, tokens, secrets, certificates, integration credentials, and connected-system credentials;

comply with rate limits, technical instructions, field requirements, mapping requirements, and security controls;

validate that imported data is accurate, necessary, authorised, and free from malware or harmful code;

ensure exports containing personal or confidential data are stored, transmitted, retained, and deleted securely; and

promptly revoke or rotate credentials and notify Vinpro if an integration or credential is compromised.

8. Jurisdiction-Specific Compliance: United States, United Kingdom, and India

The Services may support customers, workers, candidates, and users connected with the United States, the United Kingdom, and India. You are responsible for complying with the laws that apply to you, your users, your workers, your candidates, your data, your instructions, and your use of the Services.

Jurisdiction

Examples of obligations users must respect

United States

Applicable federal and state employment, wage/hour, tax, privacy, consumer-protection, cybersecurity, anti-discrimination, anti-harassment, anti-spam, sanctions, export-control, anti-bribery, and recordkeeping laws.

United Kingdom

Applicable UK GDPR, Data Protection Act, electronic-communications, employment, equality, immigration, tax, payroll, pension, workplace-safety, sanctions, anti-bribery, and recordkeeping obligations.

India

Applicable Digital Personal Data Protection, Information Technology, labour, wage, social-security, tax, provident-fund, ESI, professional-tax, TDS, employment, workplace, anti-corruption, cybersecurity, and statutory-record obligations.

Vinpro may refuse to process instructions or data that appear unlawful, unauthorised, inaccurate, incomplete, unsafe, discriminatory, abusive, inconsistent with an applicable agreement, or likely to expose Vinpro, a customer, a worker, a candidate, or another person to legal, security, privacy, employment, or operational risk.

9. Security Testing and Responsible Disclosure

You may not conduct vulnerability scanning, penetration testing, load testing, stress testing, social engineering, physical testing, denial-of-service testing, testing against third-party providers, or any security research involving customer, employee, candidate, payroll, statutory, or personal data without Vinpro's prior written permission.

If Vinpro authorises security testing in writing, you must:

follow the approved scope, timing, methods, accounts, targets, and reporting process;

avoid privacy-invasive, destructive, disruptive, denial-of-service, persistence, lateral-movement, phishing, social-engineering, or data-exfiltration techniques;

stop testing immediately if you encounter personal data, confidential information, service disruption, or unauthorised access;

report findings promptly, confidentially, and with enough detail for Vinpro to investigate and remediate; and

not publicly disclose vulnerabilities or exploit details until Vinpro has had a reasonable opportunity to investigate and address the issue.

10. Monitoring, Investigation, and Cooperation

Vinpro may monitor, log, review, investigate, preserve, restrict, or disclose information about use of the Services where reasonably necessary to operate and secure the Services, enforce this AUP, comply with law, protect rights, prevent misuse, respond to security incidents, support audits, or assist customers and authorities as legally permitted or required. Monitoring will be conducted in accordance with applicable law and our Privacy Policy.

You must cooperate with reasonable investigations of suspected AUP violations, security incidents, data incidents, payroll or employment irregularities, unauthorised access, misuse of credentials, or unlawful instructions. Cooperation may include providing information, preserving records, disabling accounts, correcting data, revoking access, notifying affected persons, and taking remediation steps.

11. Enforcement

If Vinpro believes that you, your users, your systems, your Customer Data, or your use of the Services violates this AUP or creates risk, Vinpro may take action with or without prior notice, depending on the circumstances.

Enforcement actions may include:

issuing a warning or requiring corrective action;

blocking, removing, quarantining, or disabling access to prohibited content, files, integrations, prompts, exports, or data;

limiting, throttling, suspending, or terminating accounts, users, features, APIs, integrations, or Services;

requiring password resets, MFA enrollment, credential rotation, access reviews, data correction, deletion, or security remediation;

delaying, refusing, reversing, or escalating payroll, HR, EOR, staffing, reimbursement, onboarding, termination, or statutory instructions that appear unlawful, inaccurate, unauthorised, unsafe, or inconsistent with the Services;

notifying the relevant customer, worker, candidate, counterparty, regulator, law-enforcement body, or third-party provider where legally permitted or required;

preserving records and evidence related to suspected misuse; and

pursuing contractual, equitable, legal, regulatory, or other remedies.

Vinpro is not obligated to monitor all activity or content, and failure to act in one situation does not waive Vinpro's right to act in another situation. Vinpro may exercise discretion in enforcement based on risk, severity, recurrence, intent, cooperation, and legal obligations.

12. Reinstatement and Appeals

If access is suspended or restricted for suspected misuse, the affected customer or user may contact Vinpro using the contact details below. Vinpro may require identity verification, investigation cooperation, corrective actions, written assurances, security remediation, account reviews, data deletion, or contractual undertakings before reinstating access. Vinpro is not required to reinstate access where the risk is not resolved or where termination is permitted by agreement or law.

13. Reporting Abuse, Security Issues, or Policy Violations

Please report suspected abuse, security vulnerabilities, unauthorised access, data incidents, phishing, spam, impersonation, fraudulent use, or other AUP violations as soon as possible.

Type of report

Contact

Privacy, data protection, Data Principal / data-subject, or personal-data concerns

privacy@vinproconnect.com

General abuse, HRMS, EOR, payroll, staffing, support, or account issues

info@vinproconnect.com

Security vulnerabilities or suspected account compromise

security@vinproconnect.com or privacy@vinproconnect.com

Reports should include, where available:

a description of the issue;

affected account, user, URL, worker, candidate, system, integration, message, or record;

date and time of the activity;

supporting screenshots, logs, headers, sample files, or evidence, excluding unnecessary personal data;

steps already taken to contain or remediate the issue; and

your contact details for follow-up.

14. Changes to This AUP

Vinpro may update this AUP from time to time to reflect changes in the Services, laws, security practices, business operations, or risk requirements. Updates will be posted on www.vinproconnect.com or otherwise made available through the Services. Where required by law or contract, Vinpro will provide additional notice of material changes.

15. Contact

Vinpro Global Services LLC / Vinpro Global Services Pvt Ltd and applicable Vinpro associate companies in India

Website: www.vinproconnect.com

Privacy Contact: privacy@vinproconnect.com

General Contact: info@vinproconnect.com