Acceptable Use Policy

Effective date: 1 January 2026 · Version: 1.0

Operator: Lunatoria Prime LTD (Company No. 16859261), trading as Callivex, registered at 13 Hawley Crescent, London NW1 8NP, United Kingdom. References to "we," "us," and "Callivex" mean Lunatoria Prime LTD.

1. Scope

This Acceptable Use Policy ("AUP") forms part of every customer agreement and applies to all traffic transiting the Callivex network. Customers are responsible for traffic generated by their end-users, sub-accounts, and resellers, regardless of who operates the originating endpoint. Compliance with this AUP is a condition of service.

2. Prohibited traffic

The following traffic is prohibited at all times. We will block, suspend, or terminate accounts that originate or forward such traffic — without prior notice where the volume or severity warrants.

2.1 Fraud and unlawful access

• Toll fraud, including but not limited to international revenue-share fraud (IRSF), wangiri ("one-ring") schemes, premium-rate pumping, and any traffic that monetises end-user deception.
• Calls placed using credentials obtained through phishing, credential stuffing, brute-force, social engineering, or any other unauthorised means.
• Traffic intended to defraud, harass, threaten, or extort the recipient.
• Spoofing of caller identity (CLI/ANI) for the purpose of deception, evasion, or impersonation. Lawful CLI substitution under regulator guidance is permitted.

2.2 Robocall and unsolicited communications

• Automated calling that violates the recipient jurisdiction's "do not call" registry, prior-consent requirements, or unsolicited-communications law (including but not limited to the UK Privacy and Electronic Communications Regulations, the EU ePrivacy Directive, the US TCPA, and Canadian CRTC rules).
• SIP-INVITE flooding, machine-generated call campaigns without verifiable consent, or traffic that systematically violates STIR/SHAKEN attestation requirements where applicable.
• Voice phishing ("vishing"), automated impersonation of government bodies, banks, courier services, tax authorities, or any party for fraudulent purposes.

2.3 Illegal content and conduct

• Calls that facilitate child sexual exploitation material, terrorism, human trafficking, narcotics distribution, weapons trafficking, or any other criminal offence under UK law or the law of the originating or terminating jurisdiction.
• Traffic in violation of UK, EU, or US sanctions regimes (OFSI, EU consolidated list, OFAC).
• Traffic that infringes intellectual property rights or distributes unlawful content.

2.4 Network abuse

• Denial-of-service attacks, port scanning, or any traffic intended to degrade Callivex or third-party networks.
• Attempts to bypass rate limits, channel caps, allowlist enforcement, or other technical controls.
• Traffic that exploits known protocol vulnerabilities (SIP, RTP, codec-specific) against any party.

3. Customer obligations

3.1 Know-your-customer (KYC)

Customers must perform reasonable identification and verification on their own end-users and sub-accounts before granting access to Callivex services. At minimum:

• Verify the legal entity or individual operating each sub-account, including name, address, and a verifiable contact channel.
• Retain KYC records for the duration of the customer relationship plus a minimum of two (2) years.
• On reasonable request, supply Callivex with KYC information for any sub-account, with appropriate redactions for non-relevant personal data.

3.2 Endpoint security

• Customers must protect SIP credentials, IP whitelist configurations, and any provisioning portal access against unauthorised use.
• Customers must apply security updates to PBX, softswitch, dialer, and SBC software promptly.
• On suspicion or evidence of credential compromise, customers must rotate credentials within 24 hours and notify Callivex.

3.3 Traffic profile disclosure

Customers must disclose, prior to provisioning and on material change, the intended traffic profile (origination region, destination mix, call pattern — predictive dialer, manual outbound, IVR, hosted PBX, etc.). Material under-disclosure is a breach of this AUP.

3.4 Regulator co-operation

Customers must respond promptly to lawful regulator enquiries and lawful intercept requests, and must co-operate with Callivex in providing requested traffic, CDR, or KYC information to regulators where legally required.

4. Specific traffic rules

4.1 Premium-rate destinations

High-cost and premium-rate destinations are blocked by default on every customer account. Access to these destinations requires explicit customer opt-in, business justification, and may carry pre-funding or hold-back requirements.

4.2 STIR/SHAKEN and call authentication

For traffic terminating in jurisdictions requiring call authentication (currently US, increasing EU coverage), customers must originate calls with truthful, verifiable CLI. Callivex applies attestation in line with regulatory guidance and may downgrade attestation for unverified CLI.

4.3 Calls per second (CPS) and channels

Customers receive a contractually agreed CPS and simultaneous-channel cap. Sustained traffic above cap will be throttled or blocked. Burst capacity may be granted on request and review.

4.4 ANI rotation

ANI rotation is permitted for legitimate sales and contact-center use cases where each presented number is owned, leased, or properly authorised by the originator. Rotating numbers solely to evade spam scoring or DNC enforcement constitutes prohibited traffic under section 2.

4.5 Phone numbers (DIDs)

Phone numbers (DIDs) assigned to your account are licensed to you for the duration of your active subscription. The following obligations apply alongside the general rules in sections 2 and 3.

1. Authorised use. You must have legal authorisation to use each number as your outbound caller ID. Calls placed with a caller ID you do not own may be rewritten by our platform to a number you do own; we cannot send unauthorised caller IDs to receiving networks.
2. No spoofing. You may not present a caller ID that misrepresents the source of the call. This includes presenting numbers belonging to government agencies, financial institutions, or businesses you are not authorised to represent. Such use is illegal under the US TRACED Act, the EU Electronic Communications Code, and the UK Communications Act.
3. No high-volume unsolicited calls. Numbers allocated under your account may not be used for unsolicited bulk calling (robocalling). Volume thresholds and call-pattern detection apply automatically; accounts that exceed thresholds are suspended pending review.
4. Identity verification. For full caller ID attestation (required by US carriers to avoid spam-blocking), you must complete identity verification at our request, including providing business registration, proof of address, and a signed statement of authorisation. Numbers without identity verification may be marked as "Caller ID Unverified" by receiving networks.
5. Inbound routing. You are responsible for the destination address you configure for incoming calls. Incoming calls to your numbers are routed directly to your PBX; we do not store recordings or maintain inbound call logs beyond the SIP signaling.
6. Billing. Monthly fees recur on the anniversary day of purchase. If your account balance is insufficient at the monthly charge attempt, the number enters a 7-day grace period during which incoming calls continue to route normally. After grace, the number is suspended for up to 23 additional days, then released back to inventory if still unpaid. There is no refund for partial-month usage on cancellation.
7. Porting. Numbers may be portable to another carrier subject to the originating provider's port-out terms. Port-out requests may take 5-10 business days and may incur a fee passed through from the originating provider. Contact support to initiate a port-out.
8. Number lifecycle. Numbers released from your account (by cancellation, non-payment, or AUP enforcement) return to the inventory pool and may be reassigned to other customers after a 30-day quarantine period.

5. Enforcement

5.1 Investigation

Callivex monitors traffic in aggregate for anomalies (sudden CPS spikes, destination-mix shifts, unusual ANI patterns, complaint clusters). Investigation may include CDR review, real-time SIP capture, and regulator co-ordination. Customer co-operation is expected.

5.2 Suspension

We may suspend traffic immediately, without prior notice, where:

• We have reasonable grounds to believe a serious AUP violation is occurring.
• Traffic poses imminent risk of regulator enforcement, third-party legal action, or upstream-carrier complaint.
• Spend velocity exceeds risk thresholds in a manner consistent with credential compromise.

We will provide notice of suspension and reasoning within one (1) business day where lawful and operationally feasible.

5.3 Termination

Repeated, serious, or wilful AUP violations may result in immediate termination of service. Refunds for prepaid balances on terminated accounts are issued less reasonable carrier reconciliation costs and any liabilities arising from the violation. Callivex retains the right to refer violations to UK and foreign authorities.

5.4 Right of refusal

Callivex reserves the right to refuse or discontinue service to any customer whose traffic profile or business model materially conflicts with this AUP, with applicable law, or with the terms of our upstream carrier agreements, even where individual traffic is technically compliant.

6. Reporting violations

Suspected AUP violations should be reported to abuse@callivex.com. Reports should include:

• The recipient and originating numbers, where known.
• Date, time (with timezone), and approximate duration of the call.
• Description of the conduct (recording, transcript, or summary).
• Reporter contact details for follow-up.

We acknowledge abuse reports within one (1) business day and conclude initial investigation within five (5) business days.

7. Changes to this policy

We may update this AUP to reflect operational, legal, or regulatory developments. Material changes will be notified to customers by email and via the service portal at least fourteen (14) days before taking effect, except where regulator action requires faster compliance.

8. Contact

Acceptable-use questions: compliance@callivex.com
Abuse and fraud reports: abuse@callivex.com
Postal: Lunatoria Prime LTD, 13 Hawley Crescent, London NW1 8NP, United Kingdom.