New ABN and GST lookups are live alongside PPSR. Read docs
Hoist AIAssets
Sign in / Sign up
HomeLegalAcceptable use

Acceptable Use Policy.

Plain-English version of what you can and can't do with Hoist Assets. Hoist does not offer individual-grantor PPSR searches; this policy covers misuse and fair use.

Version 1.0Updated 2026-06-06

Short version

  • Use Hoist Assets for lawful business due diligence.
  • Do not use it to search individual grantors, harass people, or harvest registers in bulk.
  • AI agents are allowed when they follow the same rules as human users.
  • Keep a human confirmation step for high-value decisions and paid searches.

What you can do

  • Run PPSR organisation and serial-number searches for your own due-diligence purposes.
  • Run ABN / GST lookups on counterparties you're transacting with.
  • Build internal tools, agents, or workflows that use Hoist Assets programmatically.
  • Store records you generate, indefinitely if you want, on your own systems.
  • Attach records to deal files, court bundles, audit packages, data rooms.
  • Share records with the parties involved in the transaction (counterparty, lawyer, court, regulator).

What you can't do

  • Attempt to circumvent the org-only boundary. Don't pass individual-grantor inputs in fields meant for organisations. Circumvention attempts, such as disguising individual data as serial numbers, are termination-worthy.
  • Resell Hoist Assets access as a wholesale data product without a separate written agreement. If you're an aggregator, talk to us about the partner programme.
  • Harvest the register in bulk. Don't loop through ACN ranges or VIN sequences to build a private mirror. AFSA's terms prohibit this; ours do too.
  • Use the service for surveillance, stalking, or harassment. Australian asset registers exist for commercial due diligence; using them to track individuals' assets for non-commercial reasons is prohibited.
  • Run automated workloads that materially degrade service for other customers. Fair-use rate limits apply; if you need more, ask.
  • Work around record checks or pricing controls. Do not try to bypass the checks that keep records verifiable or paid searches confirmed.
  • Bypass authentication. Don't share access credentials across organisations, scrape the dashboard, or use leaked credentials.

AI-agent and automated workflow uses

Hoist is designed to be called by AI agents and automated workflows. Most agent uses are permitted; a few are not.

Permitted agent uses:

  • An agent that runs PPSR or ABN checks as part of a legitimate due-diligence workflow on behalf of an authenticated account holder.
  • An agent that interprets Evidence Pack results, flags risk items, and escalates to a human reviewer.
  • An agent that monitors a counterparty and triggers a new check when conditions change.
  • Automated calls from internal tools or CRM integrations operating under an account holder's credentials.

Prohibited agent uses:

  • Autonomous high-value decisions. An agent must not use Hoist evidence as the sole basis for approving or rejecting a financial transaction without a human confirmation step. Evidence Packs are inputs to human decisions, not replacements for them.
  • Unattended bulk harvesting. An agent must not loop through ACN ranges, VIN sequences, or other identifiers to build a mirror of register data. This is prohibited regardless of whether the agent is supervised.
  • Credential sharing across agents. Access credentials belong to an account holder. Do not configure multiple agents or third-party services to share a single credential unless you have a written partner agreement.
  • Bypassing confirmation on paid searches. An agent must not suppress or skip any confirmation mechanism we implement before a paid search executes.
  • Using AI output as source-of-truth. Do not submit AI-generated text (e.g., model inference about an entity's status) as input to Hoist searches in place of actual identifiers. Hoist verifies sources; it cannot verify AI-generated content.

Examples - judgement calls

Some uses sit close to the line. Our reading:

  • OK: An agent that runs a PPSR + ABN check on every new lead in your CRM and attaches a record. You're the customer; the record sits on your deal file; the searches are legitimate due diligence.
  • OK: An aggregator platform that lets its own customers run searches via your account - provided your customers have agreed to your terms and you've signed our partner agreement.
  • Not OK: An agent that runs PPSR searches against ACN ranges to build a private database of who-owns-what for marketing purposes.
  • Not OK: Submitting a counterparty's individual director's licence number under serial_number. That's circumventing the org-only boundary.
  • Ask us: A research project doing aggregated analysis. We may support controlled access when the use is lawful and low-risk.

Enforcement

  • First, we ask. If we notice usage that looks off, we email your account contact first.
  • Then, we throttle or suspend. Material violations result in rate limiting, scope downgrade, or temporary suspension.
  • Finally, we terminate. Repeated or wilful violations end the contract under our Terms of service.
  • Refunds: none on terminated-for-cause accounts. Pro-rated on accounts you cancel voluntarily.

Reporting

If you see suspected misuse of the Service (your own data, someone else's, anything), use the current contact route at /contact/. Acknowledged within 24 hours.