Skip to main content

Acceptable Use Policy

Effective: 17 April 2026|
v2026-04-17
Download PDF
Also available in:Turkish (TR)

Acceptable Use Policy

Generated: 2026-04-17T04:04:40.856Z Status: DRAFT — Pending Legal Review


ACCEPTABLE USE POLICY

SummitBridge Horizon Ltd — B2B SaaS Platform


Document Reference: SBH-AUP-2026-001 Version: 1.0 Effective Date: 17 April 2026 Last Reviewed: 17 April 2026 Next Scheduled Review: 17 April 2027 Document Owner: Legal & Compliance Department, SummitBridge Horizon Ltd


IMPORTANT NOTICE

This Acceptable Use Policy forms a legally binding part of your agreement with SummitBridge Horizon Ltd. By accessing or using the Platform, you confirm that you have read, understood, and agree to comply with this Policy. If you do not accept this Policy, you must immediately cease using the Platform and contact us to terminate your account.


TABLE OF CONTENTS

  1. Introduction and Purpose
  2. Definitions
  3. Scope and Application
  4. Who This Policy Applies To
  5. Prohibited Uses
  6. Permitted Uses and Acceptable Conduct
  7. Security Obligations
  8. Data Handling Obligations
  9. AI Agent Usage Obligations
  10. API Usage and Technical Limits
  11. Reporting Mechanisms
  12. Enforcement Actions
  13. Account Suspension and Termination
  14. Consequences of Breach
  15. Amendments to This Policy
  16. Governing Law and Jurisdiction
  17. Contact Information

1. INTRODUCTION AND PURPOSE

1.1 SummitBridge Horizon Ltd (registered in England and Wales, company number 16419201), whose registered office is at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom ("SummitBridge Horizon", "we", "us", or "our"), operates a business-to-business ("B2B") software-as-a-service ("SaaS") platform (the "Platform").

1.2 This Acceptable Use Policy ("Policy") establishes the standards of acceptable and unacceptable conduct governing access to and use of the Platform. It is designed to:

(a) protect the integrity, security, and availability of the Platform and the data processed within it;

(b) protect the rights and interests of all authorised users, customers, and third parties;

(c) ensure compliance with applicable laws, regulations, and regulatory guidance, including but not limited to the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 ("DPA 2018"), the Computer Misuse Act 1990, the Export Control Act 2002, and all other applicable UK and international legislation; and

(d) provide clear, transparent guidance on the consequences of non-compliance.

1.3 This Policy should be read alongside and forms an integral part of:

(a) the Master Services Agreement or Subscription Agreement entered into between SummitBridge Horizon and the Customer ("MSA");

(b) our Privacy Policy;

(c) our Data Processing Agreement ("DPA"); and

(d) any other terms, schedules, or addenda incorporated into your agreement with us.

1.4 In the event of any conflict between this Policy and the MSA, the terms of the MSA shall prevail unless this Policy expressly states otherwise.


2. DEFINITIONS

In this Policy, the following terms shall have the meanings set out below:

Term Definition
"Account" The account created and maintained by or for a Customer to access and use the Platform.
"Authorised User" Any individual employee, contractor, agent, or representative of the Customer who is authorised by the Customer to access and use the Platform pursuant to the MSA.
"Customer" The business entity that has entered into the MSA with SummitBridge Horizon and is a subscriber to the Platform.
"Customer Data" All data, content, and information uploaded to, processed on, or generated through the Platform by or on behalf of the Customer.
"Platform" The SummitBridge Horizon SaaS platform, including all associated software, services, APIs, dashboards, tools, and features made available to the Customer.
"API" Application Programming Interface — the programmatic interface through which Customers and Authorised Users may access Platform functionality.
"AI Agent" Any artificial intelligence, machine learning model, automated decision-making system, or autonomous agent made available through or integrated into the Platform.
"Prohibited Data" Categories of data that must not be stored, processed, or transmitted via the Platform, as defined in Section 9.
"Security Controls" Technical and organisational measures implemented by SummitBridge Horizon to protect the Platform, including authentication systems, access controls, encryption, firewalls, and monitoring systems.
"Violation" Any act, omission, or conduct that breaches this Policy.
"Working Day" Any day other than a Saturday, Sunday, or public holiday in England and Wales.

3. SCOPE AND APPLICATION

3.1 This Policy applies to:

(a) all access to and use of the Platform, whether through a web browser, desktop application, mobile application, API, or any other means;

(b) all Customer Data processed on the Platform;

(c) all integrations, automated scripts, bots, AI Agents, or other tools used in connection with the Platform; and

(d) all activities conducted by any person or system using credentials associated with an Account.

3.2 This Policy applies globally. Where a Customer operates across multiple jurisdictions, the Customer remains responsible for ensuring compliance with all applicable local laws in addition to this Policy.

3.3 The Customer is responsible for ensuring that all Authorised Users are made aware of, and comply with, this Policy. A breach of this Policy by an Authorised User shall be deemed a breach by the Customer.


4. WHO THIS POLICY APPLIES TO

4.1 This Policy applies to all of the following:

(a) Customers — business entities that have subscribed to the Platform under an MSA;

(b) Authorised Users — individuals authorised by Customers to access the Platform;

(c) Third-Party Integrators — any third parties authorised to connect to the Platform via API or other technical interface; and

(d) Agents Acting on Behalf of Customers — including contractors, consultants, and service providers accessing the Platform on a Customer's behalf.

4.2 Customers are solely responsible for managing the conduct of all persons and systems accessing the Platform using their credentials or API keys, whether or not such access was authorised by the Customer.


5. PROHIBITED USES

The following activities are strictly prohibited. Customers and Authorised Users must not engage in, facilitate, enable, or attempt any of the following:


5.1 Illegal Activities

5.1.1 You must not use the Platform to engage in, promote, facilitate, or assist in any activity that:

(a) constitutes a criminal offence under the laws of England and Wales or any other applicable jurisdiction;

(b) violates any applicable statute, statutory instrument, regulation, regulatory guidance, court order, or other legally binding requirement;

(c) amounts to fraud, money laundering, bribery, or corruption, including any activity in breach of the Fraud Act 2006, the Proceeds of Crime Act 2002, or the Bribery Act 2010;

(d) infringes the intellectual property rights of any third party, including patents, trademarks, copyright, database rights, or confidential information; or

(e) constitutes harassment, stalking, or any other tortious conduct against any individual or entity.


5.2 Unauthorised Access Attempts

5.2.1 You must not attempt to gain unauthorised access to:

(a) any part of the Platform or any Account that you are not expressly authorised to access;

(b) the systems, servers, networks, databases, or infrastructure of SummitBridge Horizon or any third party connected to the Platform;

(c) accounts belonging to other Customers or Authorised Users; or

(d) any backend administrative interfaces, configuration panels, or internal tools not made available to you.

5.2.2 Prohibited conduct under this section includes, without limitation:

(a) brute-force attacks, credential stuffing, or password guessing;

(b) exploitation of known or unknown vulnerabilities in the Platform or its dependencies;

(c) session hijacking, man-in-the-middle attacks, or replay attacks;

(d) probing, scanning, or testing the Platform for vulnerabilities without prior written authorisation from SummitBridge Horizon; and

(e) any activity constituting an offence under sections 1, 2, or 3 of the Computer Misuse Act 1990.

5.2.3 Customers wishing to conduct authorised security testing or penetration testing must submit a written request to [email protected] at least fifteen (15) Working Days in advance and obtain express written approval before commencing any such activity.


5.3 Data Scraping and Unauthorised Data Collection

5.3.1 You must not:

(a) use any automated tool, script, bot, spider, crawler, or other means to extract, copy, scrape, or harvest data from the Platform without SummitBridge Horizon's prior written authorisation;

(b) mirror, replicate, or reproduce any substantial part of the Platform's content or data outside of the Platform without prior written authorisation;

(c) use the Platform to collect personal data about third parties without a lawful basis for doing so under UK GDPR and the DPA 2018;

(d) aggregate, compile, or create derivative datasets from Platform data in a manner not expressly permitted by your MSA; or

(e) circumvent any access controls, rate limiting, or technical measures designed to prevent unauthorised data extraction.

5.3.2 All data accessed through the API must be used solely for the purposes permitted under the MSA and this Policy.


5.4 Malware Distribution and Malicious Code

5.4.1 You must not upload, transmit, distribute, or introduce to the Platform:

(a) any virus, worm, Trojan horse, ransomware, spyware, adware, or any other malicious or harmful code;

(b) any software designed to disrupt, damage, disable, overburden, or impair the Platform or any connected systems;

(c) any exploit, payload, or code designed to gain unauthorised access to any system;

(d) any content or files that contain intentionally corrupted data intended to cause damage; or

(e) any software that intercepts, monitors, or exfiltrates data without authorisation.

5.4.2 Customers must ensure that all files, data, and content uploaded to the Platform are subject to appropriate malware scanning prior to upload. SummitBridge Horizon reserves the right to scan all uploaded content and quarantine or delete any content identified as malicious.


5.5 Excessive API Usage Beyond Permitted Limits

5.5.1 API usage is subject to the rate limits, call limits, and usage thresholds set out in your MSA, Order Form, or as communicated to you in writing from time to time (collectively, "API Limits").

5.5.2 You must not:

(a) exceed the API Limits applicable to your subscription tier;

(b) deploy automated processes that generate API traffic substantially in excess of normal operational usage patterns;

(c) make API calls that are designed to stress test, benchmark, or probe the capacity of the Platform without prior written authorisation;

(d) circumvent rate limiting controls through technical means, including but not limited to the use of multiple API keys, rotating IP addresses, or distributed request patterns; or

(e) share API credentials with third parties not authorised under your MSA.

5.5.3 SummitBridge Horizon reserves the right to throttle, suspend, or terminate API access where usage materially exceeds the applicable API Limits, without prejudice to any other rights under this Policy.

5.5.4 Customers requiring higher API Limits should contact their account manager to discuss upgrading their subscription.


5.6 Unauthorised Reselling and Sublicensing

5.6.1 Unless expressly authorised in writing by SummitBridge Horizon under the terms of a reseller agreement or other written authorisation, you must not:

(a) resell, sublicense, lease, rent, or otherwise transfer access to the Platform or any Account to any third party;

(b) make the Platform available to third parties as part of a managed service offering or bundled product without written authorisation;

(c) white-label, rebrand, or represent the Platform as your own product without a written white-labelling agreement with SummitBridge Horizon;

(d) charge third parties for access to the Platform beyond what is expressly permitted in your MSA; or

(e) allow non-Authorised Users to access the Platform using credentials or licences granted to your organisation.


5.7 Discriminatory Use of AI Agents

5.7.1 Where the Platform provides access to AI Agents, you must not use such AI Agents in any manner that:

(a) constitutes unlawful discrimination on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation, contrary to the Equality Act 2010 or any other applicable anti-discrimination legislation;

(b) produces, reinforces, or amplifies discriminatory outcomes in hiring, lending, insurance, access to services, or any other domain in which such discrimination is prohibited by law;

(c) processes special category data (as defined in Article 9 UK GDPR) in an automated decision-making context without a lawful basis and appropriate safeguards under UK GDPR;

(d) is used to make solely automated decisions that produce legal or similarly significant effects on data subjects without providing appropriate human review, in violation of Article 22 UK GDPR; or

(e) violates any AI-specific regulatory guidance issued by the UK Information Commissioner's Office ("ICO"), the Competition and Markets Authority ("CMA"), or any other applicable regulatory body.

5.7.2 Customers are responsible for conducting their own Equality Impact Assessments and Data Protection Impact Assessments ("DPIAs") where required when deploying AI Agents for purposes that may affect individuals.

5.7.3 SummitBridge Horizon reserves the right to suspend access to AI Agent features pending investigation where discriminatory use is suspected or reported.


5.8 Circumventing Security Controls

5.8.1 You must not attempt to disable, bypass, defeat, or undermine any Security Controls implemented on the Platform, including:

(a) multi-factor authentication ("MFA") or single sign-on ("SSO") systems;

(b) IP allowlisting or geofencing controls;

(c) role-based access controls or permission systems;

(d) data loss prevention ("DLP") tools or content filtering systems;

(e) audit logging, monitoring, or alerting systems;

(f) encryption mechanisms applied to data in transit or at rest;

(g) session timeout controls; or

(h) any other technical or organisational security measure.

5.8.2 Customers must cooperate with SummitBridge Horizon's security requirements and promptly implement any mandatory security updates or configuration changes communicated by SummitBridge Horizon.


5.9 Storing Prohibited Data Categories

5.9.1 The following categories of data ("Prohibited Data") must not be stored, uploaded, transmitted, or processed on the Platform without prior written agreement and appropriate contractual safeguards with SummitBridge Horizon:

(a) Special Category Personal Data (as defined in Article 9 UK GDPR) — including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for identification purposes, health data, or data concerning a person's sex life or sexual orientation — unless expressly permitted under your DPA and associated technical and organisational measures ("TOMs");

(b) Payment Card Data — any full primary account numbers ("PANs"), card verification codes ("CVVs"), or other data regulated under the Payment Card Industry Data Security Standard ("PCI DSS");

(c) Government-Issued Identifiers — including National Insurance numbers, passport numbers, driving licence numbers, or equivalent identifiers from other jurisdictions, except where expressly authorised;

(d) Criminal Offence Data — personal data relating to criminal convictions and offences, as regulated under Article 10 UK GDPR and section 10 DPA 2018;

(e) Children's Personal Data — personal data relating to individuals under the age of 18, except where the Platform has been specifically configured and authorised for such use with appropriate safeguards in place;

(f) Classified or Official Information — any government-classified information or Official Sensitive material under the Government Security Classifications Policy; and

(g) Trade Secrets or Proprietary Third-Party Information — confidential information of third parties uploaded without appropriate authorisation from those third parties.

5.9.2 Where a Customer becomes aware that Prohibited Data has been inadvertently uploaded or processed on the Platform, the Customer must notify SummitBridge Horizon immediately via the reporting mechanism set out in Section 11 and cooperate with remediation steps.


5.10 Violating Export Control Laws

5.10.1 You must not use the Platform in any manner that violates applicable export control, trade sanctions, or import laws, including:

(a) the Export Control Act 2002 and associated UK Export Control Regulations;

(b) UK financial sanctions administered by the Office of Financial Sanctions Implementation ("OFSI") within HM Treasury;

(c) trade restrictions and sanctions imposed by the United Nations Security Council;

(d) United States Export Administration Regulations ("EAR") and Office of Foreign Assets Control ("OFAC") regulations, to the extent applicable to your use; and

(e) any other applicable national or international export control or trade sanctions regime.

5.10.2 Without limiting the foregoing, you must not:

(a) use the Platform to provide services or technology to any person, entity, or jurisdiction subject to applicable sanctions or export restrictions;

(b) export, re-export, or transfer Platform access, features, or any data processed through the Platform to prohibited destinations or persons; or

(c) use the Platform in connection with the development, production, or proliferation of weapons of mass destruction or other prohibited end-uses.

5.10.3 Customers are solely responsible for obtaining any licences, authorisations, or exemptions required under applicable export control laws in connection with their use of the Platform.


6. PERMITTED USES AND ACCEPTABLE CONDUCT

6.1 You may use the Platform solely for:

(a) the legitimate business purposes described in your MSA and Order Form;

(b) internal business operations of the Customer and its Authorised Users; and

(c) any other purpose expressly authorised in writing by SummitBridge Horizon.

6.2 In using the Platform, you must:

(a) use the Platform in good faith and in a manner consistent with its intended purpose;

(b) maintain the confidentiality of all login credentials and API keys associated with your Account;

(c) promptly notify SummitBridge Horizon of any suspected security incident, breach, or unauthorised access as set out in Section 11;

(d) maintain appropriate technical and organisational measures to protect the security of your access to the Platform;

(e) comply with all applicable laws and regulations relevant to your use of the Platform; and

(f) cooperate reasonably with SummitBridge Horizon in investigations relating to potential Policy violations.


7. SECURITY OBLIGATIONS

7.1 Customers must implement and maintain appropriate security measures for their use of the Platform, including:

(a) enabling multi-factor authentication ("MFA") for all Authorised User accounts where this feature is available;

(b) using strong, unique passwords for all accounts and rotating API keys regularly;

(c) promptly revoking access for Authorised Users who leave the Customer's organisation or no longer require access;

(d) maintaining up-to-date endpoint security software on all devices used to access the Platform;

(e) ensuring that API keys and credentials are not embedded in publicly accessible code repositories or exposed in logs; and

(f) promptly applying any security patches or configuration updates required by SummitBridge Horizon.

7.2 Customers must maintain an up-to-date list of all Authorised Users and conduct periodic access reviews to ensure that access rights remain appropriate.

7.3 Where SummitBridge Horizon provides security guidance, best practice recommendations, or mandatory security notices, Customers must implement such guidance within the timeframes specified.


8. DATA HANDLING OBLIGATIONS

8.1 Customers must ensure that all Customer Data processed through the Platform is handled in accordance with:

(a) UK GDPR and the DPA 2018;

(b) the Privacy and Electronic Communications Regulations 2003 ("PECR") where applicable;

(c) the Data Processing Agreement entered into with SummitBridge Horizon; and

(d) any other applicable data protection laws in relevant jurisdictions.

8.2 Customers are the data controller for Customer Data and are solely responsible for ensuring they have lawful bases for processing personal data through the Platform.

8.3 Customers must not use the Platform to process personal data for purposes incompatible with those for which it was collected.

8.4 Where required, Customers must complete and maintain appropriate DPIAs before using specific Platform features that involve high-risk processing activities.


9. AI AGENT USAGE OBLIGATIONS

9.1 Where the Customer accesses AI Agent features on the Platform, the Customer must:

(a) clearly communicate to any individuals interacting with AI Agents that they are interacting with an automated system rather than a human, where relevant;

(b) ensure that AI Agent outputs are subject to appropriate human review before being relied upon for decisions that have legal or significant practical effects on individuals;

(c) maintain records of AI Agent use sufficient to demonstrate compliance with this Policy and applicable law;

(d) not use AI Agents to generate or disseminate disinformation, misleading content, or content designed to manipulate individuals in harmful ways;

(e) not use AI Agents to generate content that infringes third-party intellectual property rights; and

(f) comply with all usage guidelines and documentation published by SummitBridge Horizon relating to AI Agent features from time to time.

9.2 The Customer acknowledges that AI Agent outputs may not always be accurate, complete, or current, and that reliance on such outputs is at the Customer's own risk, subject to any express warranties provided in the MSA.


10. API USAGE AND TECHNICAL LIMITS

10.1 API access is provided subject to the following conditions:

(a) API usage must remain within the applicable API Limits for your subscription tier;

(b) API keys must be stored securely and must not be shared with unauthorised parties;

(c) API integrations must be implemented in accordance with SummitBridge Horizon's published API documentation and technical guidelines;

(d) Customers must implement appropriate error handling to avoid generating excessive failed API requests; and

(e) Customers must not use the API in a manner that degrades the performance or availability of the Platform for other Customers.

10.2 SummitBridge Horizon may update API Limits, deprecate API endpoints, or modify the API on reasonable notice to Customers.

10.3 Where a Customer's API usage consistently exceeds permitted limits, SummitBridge Horizon reserves the right to:

(a) automatically throttle API requests;

(b) temporarily suspend API access;

(c) charge for excess usage in accordance with the applicable pricing schedule; or

(d) require the Customer to upgrade to a higher subscription tier.


11. REPORTING MECHANISMS

11.1 How to Report a Violation or Concern

11.1.1 SummitBridge Horizon operates dedicated reporting channels for different categories of concern:

Type of Report Contact Channel Target Response Time
Security Incidents / Suspected Breaches [email protected] Within 4 hours (24/7)
Suspected Policy Violations by Others [email protected] Within 2 Working Days
Personal Data Breaches / Privacy Concerns [email protected] Within 24 hours
Export Control / Sanctions Concerns [email protected] Within 2 Working Days
AI Agent Misuse Reports [email protected] Within 2 Working Days
General Abuse Reports [email protected] Within 3 Working Days
Emergency Out-of-Hours Security [email protected] (monitored 24/7) Immediate

11.1.2 Reports may also be submitted via the in-platform reporting tool available in the Account settings dashboard under "Report a Concern."


11.2 What to Include in a Report

11.2.1 To enable SummitBridge Horizon to investigate efficiently, reports should include, where available:

(a) the reporter's name, organisation, and contact details;

(b) a description of the suspected violation or incident;

(c) the date(s) and time(s) the violation was observed;

(d) any relevant identifiers (such as Account IDs, IP addresses, API keys, or usernames);

(e) any supporting evidence, screenshots, or logs; and

(f) an indication of the urgency or ongoing risk, if applicable.


11.3 Reporting Obligations

11.3.1 Customers are required to notify SummitBridge Horizon without undue delay, and in any event within 72 hours of becoming aware of:

(a) any actual or suspected personal data breach involving Customer Data on the Platform, as required under Article 33 UK GDPR;

(b) any actual or suspected unauthorised access to the Platform through the Customer's Account;

(c) any actual or suspected compromise of API keys or authentication credentials; or

(d) any activity that the Customer reasonably believes to be a Violation of this Policy by any Authorised User or third party with access to their Account.


11.4 Good Faith Reporting and Non-Retaliation

11.4.1 SummitBridge Horizon is committed to handling all reports in good faith and with appropriate confidentiality.

11.4.2 SummitBridge Horizon will not take adverse action against any Customer or Authorised User who makes a report in good faith, even if the investigation does not ultimately substantiate the concern.

11.4.3 Making a deliberately false or vexatious report may itself constitute a Violation of this Policy.


12. ENFORCEMENT ACTIONS

12.1 Upon becoming aware of a suspected or confirmed Violation, SummitBridge Horizon may take one or more of the following enforcement actions, at its sole discretion and having regard to the nature, severity, and circumstances of the Violation:


12.2 Graduated Response Framework

12.2.1 Level 1 — Warning and Remediation Notice

Applicable to: Minor or first-time technical violations; inadvertent non-compliance; low-risk policy breaches.

Actions may include:

(a) issuing a formal written warning to the Customer's designated contact;

(b) requiring the Customer to confirm in writing that the violation has ceased;

(c) requiring the Customer to implement specified remediation measures within a defined timeframe; and

(d) logging the violation on the Customer's account record.

12.2.2 Level 2 — Feature Restriction or Rate Limiting

Applicable to: Repeated Level 1 violations; API abuse; data scraping; unauthorised AI Agent use.

Actions may include:

(a) restricting access to specific Platform features;

(b) applying enhanced API rate limiting;

(c) disabling specific integrations or API keys;

(d) requiring mandatory security training or policy acknowledgement; and

(e) imposing enhanced monitoring of the Account.

12.2.3 Level 3 — Account Suspension (Temporary)

Applicable to: Serious violations; ongoing violations not remediated at Level 1 or 2; credible reports of illegal activity; security incidents; Prohibited Data breaches.

Actions may include:

(a) temporarily suspending all or part of the Account's access to the Platform;

(b) suspending all API access;

(c) requiring independent third-party audit at the Customer's expense before reinstatement;

(d) requiring the Customer to provide a detailed incident report and remediation plan; and

(e) imposing additional contractual safeguards as a condition of reinstatement.

12.2.4 Level 4 — Account Termination (Permanent)

Applicable to: Egregious violations; repeated serious violations; illegal activities; violations presenting material risk to SummitBridge Horizon or third parties; violations where the Customer has failed to cooperate with enforcement.

Actions may include:

(a) permanently terminating the Customer's MSA and all Accounts;

(b) deleting or returning Customer Data in accordance with the MSA and applicable law;

(c) reporting the matter to relevant law enforcement authorities, including but not limited to the National Cyber Security Centre ("NCSC"), the Information Commissioner's Office ("ICO"), or OFSI; and

(d) pursuing civil remedies, including seeking injunctive relief or damages.


12.3 Investigation Process

12.3.1 Where SummitBridge Horizon investigates a suspected Violation, it will:

(a) conduct the investigation in a timely, proportionate, and fair manner;

(b) where practicable and where doing so would not compromise the investigation or the security of the Platform, notify the Customer of the investigation and provide a reasonable opportunity to respond;

(c) consider any explanation, evidence, or mitigating factors provided by the Customer; and

(d) maintain appropriate records of the investigation and enforcement action taken.

12.3.2 SummitBridge Horizon reserves the right to take immediate enforcement action without prior notice where it reasonably determines that delay would pose a material risk to the Platform, other Customers, third parties, or SummitBridge Horizon itself.


12.4 Right of Appeal

12.4.1 Customers who dispute an enforcement action may submit a written appeal to [email protected] within ten (10) Working Days of receiving notice of the enforcement action.

12.4.2 Appeals must set out:

(a) the grounds for the appeal;

(b) any supporting evidence; and

(c) the remedy sought.

12.4.3 SummitBridge Horizon will acknowledge appeals within two (2) Working Days and provide a substantive response within fifteen (15) Working Days of receipt.

12.4.4 The right of appeal does not suspend any enforcement action taken under Section 12.2.3 or Section 12.2.4, unless SummitBridge Horizon in its sole discretion agrees otherwise in writing.


13. ACCOUNT SUSPENSION AND TERMINATION

13.1 Temporary Suspension

13.1.1 SummitBridge Horizon may suspend an Account or restrict access to the Platform (in whole or in part) in the following circumstances:

(a) where SummitBridge Horizon reasonably suspects a Violation of this Policy is occurring or has occurred;

(b) where SummitBridge Horizon is required to do so by applicable law, regulation, court order, or regulatory direction;

(c) where there is a credible security threat affecting the Account or the wider Platform;

(d) where the Customer has failed to pay undisputed sums due under the MSA and has been given reasonable notice;

(e) where required to comply with a request from law enforcement; or

(f) where SummitBridge Horizon is conducting emergency maintenance or security remediation.

13.1.2 Where reasonably practicable, SummitBridge Horizon will provide the Customer with at least 24 hours' prior written notice of a suspension, unless the circumstances require immediate action, in which case notice will be provided as soon as reasonably possible after the suspension takes effect.

This document is maintained by SummitBridge Horizon Ltd (Companies House: 16419201). For questions, contact [email protected].