PassKit Acceptable Use Policy

Rules for using PassKit responsibly and lawfully, including requirements for Apple Wallet and Google Wallet passes.

Last Updated: January 8, 2026.

This Acceptable Use Policy (“AUP”) governs your use of the PassKit platform, APIs, SDKs, applications, and related services (the “Services”).

This AUP forms part of, and is incorporated into, the PassKit Subscription Service Agreement and applies to all Customers, Account Users, and any other parties accessing or using the Services.

By using the Services, you agree to comply with this AUP.

1. Purpose of this policy

PassKit provides infrastructure for creating, issuing, updating, and managing digital wallet passes (including passes for Apple Wallet and Google Wallet).

This AUP exists to:

  • protect the security, integrity, and reliability of the Services;
  • ensure lawful and responsible use of the platform;
  • ensure compliance with applicable laws and regulations; and
  • ensure compliance with third-party platform requirements, including those of Apple and Google.

2. Third-party wallet platform requirements

Use of PassKit in connection with Apple Wallet, Google Wallet, or any other third-party wallet platform is subject to the applicable terms, policies, developer agreements, and acceptable use requirements of those platforms, as updated from time to time.

You are solely responsible for ensuring that:

  • your passes, content, use cases, and communications comply with Apple's and Google's requirements;
  • your use of the Services does not cause PassKit to violate any third-party platform rules; and
  • you promptly update or discontinue any pass or program that no longer complies with such requirements.

PassKit does not control Apple's or Google's policies and is not responsible for enforcement actions taken by those platforms.

You should review Apple and Google's applicable wallet policies and developer terms for your use case.

3. General use requirements

You must not use the Services in any way that:

  • violates applicable laws or regulations;
  • infringes intellectual property or other rights;
  • interferes with, disrupts, or degrades the Services or related systems;
  • attempts to bypass security, usage limits, or technical safeguards;
  • misrepresents your identity, affiliation, or authority; or
  • exposes PassKit, its customers, or end users to harm, liability, or risk.

You are responsible for all activity conducted under your account.

4. Prohibited content and activities

You must not use the Services to create, distribute, promote, or facilitate passes or content that involve, promote, or relate to any of the following:

4.1 Illegal or unlawful activity

  • Any activity that is illegal under applicable law.
  • Facilitation or promotion of criminal activity.

4.2 Sexual and exploitative content

  • Pornographic or sexually explicit content.
  • Sexual exploitation or abuse of children.
  • Content involving minors in a sexualised manner.

4.3 Hate, harassment, and extremism

  • Hate speech, harassment, or discrimination.
  • Extremist organisations, ideologies, or activities.
  • Threats, incitement to violence, or glorification of violence.

4.4 Weapons and dangerous goods

  • Firearms, ammunition, explosives, or weapons.
  • Instructions for manufacturing or using weapons.
  • Dangerous or prohibited goods.

4.5 Drugs and controlled substances

  • Illegal drugs or drug paraphernalia.
  • Promotion of unlawful drug use.
  • Unsubstantiated or misleading medical claims.

4.6 Gambling and gaming

  • Illegal gambling or betting activities.
  • Gambling involving minors.
  • Unlicensed or unlawful gaming programs.

4.7 Fraud and deceptive practices

  • Fraud, scams, phishing, or deceptive schemes.
  • Misrepresentation of offers, rewards, or benefits.
  • Counterfeit goods or intellectual property infringement.

4.8 Financial and speculative products

  • Unregulated financial products or investment schemes.
  • Cryptocurrency or digital asset programs that violate applicable laws or platform rules.

5. Sensitive and regulated personal data

Unless expressly permitted by PassKit in writing and compliant with applicable law and third-party platform requirements, you must not use the Services to collect, store, display, or transmit:

  • government-issued identification numbers;
  • payment card data or financial account numbers;
  • health or medical information;
  • biometric identifiers;
  • precise location data;
  • information relating to children;
  • special categories of personal data under GDPR or similar laws (such as racial or ethnic origin, religious beliefs, sexual orientation, or political opinions);
  • passwords or authentication credentials (other than PassKit account credentials).

You are responsible for ensuring appropriate disclosures, legal bases, and user consent for any personal data processed through the Services.

6. Messaging, notifications, and communications

You must ensure that any notifications, messages, or communications sent using the Services:

  • are lawful and truthful;
  • comply with applicable marketing, privacy, and anti-spam laws;
  • respect user consent and preferences;
  • do not mislead, coerce, or deceive end users.

You must not send unsolicited, abusive, or deceptive communications.

7. Security and system integrity

You must not:

  • introduce malware, malicious code, or harmful components;
  • probe, scan, or test vulnerabilities without authorisation;
  • interfere with system performance or availability;
  • attempt to gain unauthorised access to accounts, data, or systems.

You must promptly notify PassKit of any suspected security incident involving your account or use of the Services.

8. Enforcement and remedies

PassKit may investigate suspected violations of this AUP.

If PassKit determines, in its reasonable discretion, that you have violated this AUP or that your use of the Services poses a risk to PassKit, its customers, end users, or third-party platforms, PassKit may:

  • suspend or terminate your access to the Services;
  • disable or remove specific passes, programs, or content;
  • require corrective actions;
  • cooperate with Apple, Google, regulators, or law enforcement; and/or
  • take any other action permitted under the Subscription Service Agreement or applicable law.

PassKit is not required to provide advance notice where immediate action is necessary.

9. Customer responsibility for end users

If you issue passes to end users using the Services, you are responsible for:

  • providing legally compliant privacy notices;
  • obtaining required rights and consents;
  • responding to user inquiries and complaints; and
  • ensuring your end users' use of passes complies with this AUP.

PassKit acts solely as a service provider in this context.

10. Changes to this Acceptable Use Policy

PassKit may update this AUP from time to time to reflect changes in law, platform requirements, or business practices.

Material updates will be posted on the PassKit website or otherwise communicated as required by law. Continued use of the Services after an update constitutes acceptance of the revised AUP.

11. Contact

If you have questions about this Acceptable Use Policy or believe a violation has occurred, please contact: support@passkit.com.