Acceptable Use Policy

This Acceptable Use Policy (the "AUP") sets out the rules that govern everyone who uses the BSR Group platform. It is incorporated into the Terms of Service by reference. Material breach may result in immediate suspension and is grounds for termination of your account, your employer's contract with BSR, or your Recruiter Partner Agreement.

1. Lawful and professional use

You agree to use the Platform only:

• For its intended recruitment, resourcing, project management and compliance purposes.
• In a lawful, professional and non-discriminatory manner.
• In compliance with UK employment law, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, the Equality Act 2010, the Bribery Act 2010, sanctions law and applicable sector-specific regulation (e.g. Office for Nuclear Regulation requirements, SRA / Bar Council rules for legal sector users).

2. Prohibited content

You will not upload, transmit, store or share through the Platform any content that:

• Is unlawful, defamatory, obscene, harassing or threatening.
• Infringes intellectual property, confidentiality or privacy rights of any third party.
• Contains malware, exploits, scripts or executable code intended to compromise the Platform or other users.
• Falsely represents another person or organisation, including fake CVs, ghost candidates and fictitious job specs designed to harvest competitor data.

3. Prohibited conduct

You will not:

• Scrape, crawl, harvest, mass-export or systematically download Platform data, including via the API, except as expressly authorised.
• Reverse engineer, decompile or attempt to derive source code from the Platform.
• Bypass authentication, rate limits, IDOR controls, audit logging, CSRF protection or any other security mechanism.
• Use the Platform to send spam, unsolicited bulk communication or marketing without lawful basis.
• Submit a candidate without that candidate's consent for that specific submission.
• Approach a candidate or client introduced via the Platform with the intent of circumventing fees or commission due under any Engagement Letter or Partner Agreement.
• Attempt to access another organisation's data, candidate, job, project or document.
• Share login credentials or use shared "team" mailboxes for individual user accounts.

4. AI and automation

The Platform exposes AI-assisted features (CV review, career coach, candidate matching, intelligence chat). When using these features you agree:

• Not to submit content that you do not have the right to share with our AI sub-processors (see Privacy Notice §6).
• Not to use AI features to create deceptive content (e.g. fabricated CVs, impersonating real people).
• That AI outputs may contain errors and require human review before reliance.

5. Security

You will:

• Promptly report any vulnerability or suspected breach to security@bsr.group. We support responsible disclosure and will not pursue good-faith researchers who follow our coordinated disclosure process.
• Keep credentials private and enable MFA when prompted.
• Notify us immediately if you suspect your account has been compromised.

6. Children and minors

The Platform is intended for adults. You will not create an account on behalf of a person under 18 nor knowingly upload personal data of minors except where strictly necessary (e.g. dependent details on a relocation form) and lawful.

7. Sector-specific rules

7.1 Nuclear and security-cleared work

• Where a role or project requires SC, DV, BPSS or equivalent clearance, only post job specs and engage candidates whose status you can verify. Do not record clearance details for candidates who have not provided them.

7.2 Legal sector

• Recruiters and Companies operating in the legal sector must respect SRA Principles, the BSB Code of Conduct, money-laundering rules and conflict-of-interest requirements when sharing client information.

8. Reporting abuse

To report a suspected breach of this AUP — for example a fake CV, harassment, candidate without consent, or scraping — contact abuse@bsr.group. We will investigate and may take action including content removal, account suspension and reporting to law enforcement or relevant regulators.

9. Consequences of breach

Depending on severity we may:

• Issue a written warning.
• Remove or quarantine offending content.
• Suspend the offending user account or the parent organisation account.
• Terminate your account, the Engagement Letter or the Partner Agreement.
• Refer the matter to law enforcement or the relevant regulator (e.g. ICO, ONR, SRA).

10. Changes

We may update this AUP from time to time via the admin policy editor. Material changes require all logged-in users to re-accept on next sign-in.