Use the platform for legitimate commerce, not risk transfer.

• Illegal goods, illegal services, or transactions that violate applicable laws, regulations, or provider rules.
• Fraudulent schemes, deceptive offers, phishing, impersonation, or any activity intended to mislead customers or counterparties.
• Sanctions evasion, money laundering, unauthorized remittance activity, or use of the platform to mask the true source or destination of funds.
• High-risk categories we do not support, including adult exploitation, counterfeit goods, stolen items, and transactions involving abuse or violence.

• Using PayBridgeNP to process payments on behalf of another undisclosed business or to hide the true merchant of record.
• Attempting to test stolen cards, probe provider behavior, evade rate limits, or automate abusive transaction patterns.
• Interfering with the security or availability of the platform, including unauthorized access attempts, scraping that degrades service, or exploit activity.
• Providing false business details, fake websites, misleading product descriptions, or inaccurate fulfilment information.

Merchants must present customers with accurate order details, pricing, and business identity. You may not use misleading redirects, concealment, mismatched product descriptions, or fake support channels to influence payment completion.

API and webhook usage must stay within documented behavior. Do not attempt to forge payment state, replay signed events, or misuse public tracking endpoints to enumerate transaction data.

PayBridgeNP sends transactional notifications on your behalf to people who have a real payment relationship with you. We do not allow:

• Marketing campaigns, promotional broadcasts, newsletters, or any non-transactional outreach via the SMS or email surface.
• Sending to recipients who have not transacted with you (e.g. importing third-party lists into checkout sessions purely to trigger reminder messages).
• Repeatedly sending the same transactional template to the same recipient in a way designed to bypass the platform's per-recipient cooldown.
• Using the SMS history or email log as a mailing list for outbound communication outside the platform.

PayBridgeNP enforces per-merchant burst rate limits and per-recipient cooldowns at the dispatcher layer. Suppressed messages are still logged so you can see what would have gone out, and what was throttled.

The Model Context Protocol surface lets AI assistants act on a merchant's behalf with a scoped token. Misuse can be costly to the merchant, the platform, and the customer. We do not allow:

• Using AI agents to issue mass refunds, mass voids, or other money-moving operations not initiated by an authorised human operator.
• Embedding MCP tokens in shared or untrusted environments where third parties could trigger actions on the merchant's account.
• Using AI agents to enumerate other merchants' data, attempt prompt-injection attacks against the platform, or extract internal IDs.
• Bypassing the platform's confirmation prompts on money-moving actions through automated approval scripts.

The merchant remains responsible for every action taken by an authorised AI agent under their token. Revoke tokens immediately from /mcp on suspected misuse.

The PayBridgeNP Buy Button (script-tag embed) and Payment Links surface let you accept payments from any website. The same surface can be misused; we do not allow:

• Embedding Buy Buttons or Payment Links on sites that do not match the business identity declared on the merchant account.
• Using Buy Buttons to circumvent platform terms (e.g. reselling another business's goods through your account).
• Modifying the embed script or hosted checkout markup to deceive customers about the destination, amount, or identity of the receiving merchant.
• Iframing or proxying the hosted checkout in a way that hides the PayBridgeNP origin.

We may ask for clarifying information, review account activity, disable features, or suspend an account where there is fraud, elevated operational risk, or a policy breach. Suspended accounts have API keys returning 403, hosted checkout disabled, and dashboard access read-only with the suspension reason surfaced.

In severe cases we may terminate access immediately and preserve records for investigation or compliance purposes. Provider restrictions may also affect platform access — a merchant that is removed or restricted by eSewa, Khalti, Fonepay, ConnectIPS, or HamroPay may lose access to related PayBridgeNP functionality.