CoholdLegal

Version 1.0.1 · Effective 2026-05-10

Acceptable Use Policy

This Acceptable Use Policy (the "AUP") sets the ground rules for using the Cohold platform (the "Platform"). It applies to everyone with an account — issuer admins, employees, contractors, and shareholders — and to anyone who interacts with the Platform on someone else's behalf.

The AUP forms part of our Terms of Service. Breaching it is a breach of the Terms.

1. Use the Platform for what it's for

The Platform exists so Australian CSF issuers can manage their post-raise shareholder relationships — communications, statutory notices, document distribution, and (over time) voting and community engagement.

If a use case isn't related to that purpose, it probably doesn't belong here.

2. You must not

The list below is non-exhaustive. The principle is bigger than any one bullet: don't be the reason we have to write more rules.

Spam and unwanted contact

  • Send marketing or promotional emails to recipients who have not consented to receive them. The Spam Act 2003 (Cth) applies and the Platform won't shield you from it.
  • Re-import a list of unsubscribed shareholders to "reset" their preferences. Marketing-opt-out is sticky by design.
  • Mass-send communications that are not legitimately related to the issuer's relationship with the recipient.

Data extraction, scraping, and AI training

  • Scrape, crawl, or extract data from the Platform other than via interfaces and exports we expose to you.
  • Submit Platform content (including shareholder data, communication bodies, or document text) to a third-party AI/ML training pipeline, retrieval-augmented generation index, or model fine-tuning dataset. Your shareholders did not consent to that use.
  • Reverse-engineer, decompile, or disassemble any part of the Platform.

Unauthorised access

  • Attempt to access another tenant's data. Multi-tenant isolation is the security primitive that makes the Platform trustworthy; probing it is a security incident, not a feature request.
  • Attempt to access another user's account, session, or magic-link token.
  • Use credentials that aren't yours, or share your credentials with someone who shouldn't have them.
  • Attempt to bypass audit-logging or retention requirements.

Harmful content

  • Upload or transmit content that is unlawful, defamatory, harassing, threatening, hateful, or obscene.
  • Upload content that infringes someone else's copyright, trademark, trade secret, or other intellectual-property rights.
  • Distribute malware, ransomware, phishing kits, or any other code intended to harm a recipient or recipient's systems.
  • Use the Platform to coordinate fraud, market manipulation, insider trading, or any other regulated misconduct.

Disruption

  • Interfere with the Platform's operation, including overloading endpoints, bypassing rate limits, or running stress tests we haven't agreed to.
  • Use the Platform in a way that imposes a disproportionately large load relative to its intended use.
  • Probe for vulnerabilities outside an agreed coordinated-disclosure process. (We're happy to receive disclosures — email security@cohold.com.au.)

Misrepresentation

  • Impersonate a person, company, regulator, or anyone you're not.
  • Forge headers, sender domains, or other identifiers to disguise the origin of a communication.
  • Make false claims about your relationship with us, with another issuer, with ASIC, or with any other party.

3. Statutory communications and unsubscribe

Statutory communications under the Corporations Act 2001 (Cth) (e.g. annual report notices) may be sent to all shareholders regardless of marketing-opt-out status. That is the law.

Other communications must respect the recipient's marketing preference. The Platform's compose flow enforces this; do not work around it.

Every non-statutory broadcast must include a working unsubscribe link. The Platform inserts one automatically — do not strip it.

4. Shareholders using the portal

If you are a shareholder using the portal, the AUP applies to you too. In particular:

  • don't share your magic-link or session with anyone else;
  • don't use the portal to harass, dox, or threaten anyone (including the issuer's staff);
  • don't try to extract another shareholder's holdings or contact details; and
  • don't post content into any community feature (when those land in a future release) that breaches this AUP.

5. Reporting abuse

If you see something that looks like a breach of this AUP, tell us:

  • security incidents — security@cohold.com.au
  • spam or marketing abuse — abuse@cohold.com.au
  • everything else — legal@cohold.com.au

We take reports seriously and will investigate. We won't reveal who reported what without consent or legal compulsion.

6. Consequences of breach

Where we believe the AUP has been breached, we may, depending on the severity:

  • contact the responsible account and ask them to fix it;
  • suspend the offending feature, account, or tenant;
  • terminate access; and/or
  • report the conduct to law enforcement, a regulator, or a third-party rights-holder.

We will use the lightest appropriate response, but the safety of every other tenant on the Platform is non-negotiable.

7. Changes

We may update this AUP from time to time. Patch and minor changes take effect immediately. Material (major) changes require re-acceptance the next time you sign in. Each version is reachable at /legal/acceptable-use/v/<semver> so you can always see what you accepted.

8. Contact

Questions: legal@cohold.com.au.

---

_Rebranded 2026-05-10: contact emails and platform name updated from CSF Community Platform / communitylayer.com.au to Cohold / cohold.com.au. No change to the legal entity or your obligations._

These documents are tooling, not legal advice. Get them reviewed by an Australian solicitor before relying on them.