AgentPay
Get started
Draft — legal review required. AgentPay is in test mode. These legal pages were drafted by the product team and have not been reviewed by an attorney licensed in your jurisdiction. They are published in good faith to describe how the product behaves today. A fully reviewed set will replace these before any live-mode operation.

Legal

Acceptable Use Policy

Last updated: 2026-04-22

In plain English

AgentPay exists so developers can give AI agents the ability to spend within guardrails. Some spending is obviously fine; some is obviously not. This page lists the obvious-not cases. Anything not listed is still subject to common sense, the law, the Stripe Issuing program terms we operate under, and our right to suspend accounts that create undue operational or legal risk for us or our partners.

Prohibited activities

  • Illegal goods and services. Controlled substances, unlicensed firearms, counterfeit goods, stolen credentials, malware, CSAM, human trafficking, unlicensed financial services, or anything prohibited by US federal, state, or local law.
  • Sanctions evasion. Transactions with sanctioned individuals, entities, or jurisdictions (OFAC-listed). Transactions structured to avoid reporting thresholds.
  • Card-network rule violations. Anything prohibited by Visa, Mastercard, or the Stripe Issuing program terms, including adult content categories without the appropriate merchant classification.
  • Targeting critical infrastructure. Agents that attempt to purchase services intended to disrupt power, water, healthcare, elections, or emergency-response systems.
  • Deceptive commerce. Purchases from merchants operating through fraud, phishing, impersonation, or fake-review schemes.
  • Abuse of the approval queue. Patterns designed to exhaust a reviewer's patience or induce accidental approval (identical requests rapid-fired, social-engineering the approver).
  • Circumventing spending limits. Creating rapid-fire cards to exceed a documented per-card cap, or splitting a single intended purchase across multiple cards to bypass the per-card limit.
  • Agent identity abuse. Issuing cards on behalf of someone who has not consented to be the cardholder, or misrepresenting KYB data.
  • Scraping or rate-limit abuse. Automated scraping of our dashboard or docs, denial-of-service probes, or circumvention of documented rate limits.
  • Exporting Stripe-reserved data. Attempting to exfiltrate raw PAN, CVV, or other Stripe-held data via ephemeral-key abuse, logging, or screen capture of fellow users' cards.

Gray areas we need to know about

If your intended use case involves any of the following, email us at [email protected] before you scale past test mode:

  • Cards for end-users of your own SaaS who have not individually consented to be AgentPay users.
  • Automated bulk purchasing (> 100 cards per day per user).
  • Use in regulated verticals (healthcare, insurance, legal services, political campaigns).
  • Any use case where an agent could plausibly spend in a way that causes third-party harm.

Enforcement

If we believe you are violating this policy, we may — without prior notice — revoke API keys, cancel active cards, release pending auth-holds, freeze your account, and retain records for lawful-process response. Where the violation is unclear, we will contact you first. Where the violation is clear, we will act first and explain later.

If you believe we have taken action in error, reply to our notification or email [email protected]. We review disputes within two business days.

Reporting abuse

See something you think violates this policy? Email [email protected] with as much detail as you can share. We do not retaliate against good-faith reports.