Acceptable Use Policy

1. Purpose

Intrudify provides powerful offensive security testing capabilities. With this capability comes a responsibility to ensure the platform is used ethically, legally, and only against systems you are authorized to test. This AUP exists to protect you, Intrudify, and third parties from misuse of the platform.

2. Permitted uses

You may use the Intrudify platform for the following purposes:

• Scanning web applications, APIs, and related digital assets that you own;
• Scanning web applications, APIs, and related digital assets owned by third parties, provided you hold valid written authorization from the Target owner and have completed the per-Target attestation within the platform;
• Using scan results and pentest reports for improving the security posture of tested applications;
• Sharing reports with auditors, regulators, clients, or insurance providers as reasonably necessary for compliance, certification, or risk management purposes;
• Using the AI remediation guidance to fix identified vulnerabilities; and
• Accessing the Intrudify Security Score and related dashboards for internal security monitoring and board reporting.

3. Prohibited uses

You must not use the Intrudify platform for any of the following purposes. Violation of any of these prohibitions may result in immediate account termination, forfeiture of all fees paid, referral to law enforcement, and pursuit of legal action including the indemnification obligations in the Terms of Service.

3.1 Unauthorized scanning

• Scanning, testing, or interacting with any domain, application, API, or digital asset for which you do not have valid authorization from the owner;
• Making a false attestation within the platform that you hold authorization for a Target when you do not;
• Failing to obtain or retain valid written authorization from the Target owner as required by the Terms of Service;
• Initiating scans on Targets where authorization has been revoked or has expired;
• Attempting to bypass, circumvent, or manipulate any authorization or verification process; and
• Using the platform for reconnaissance, intelligence gathering, or any form of testing against systems you do not have explicit permission to test.

3.2 Malicious or illegal use

• Using the Service for any purpose that violates applicable local, national, or international laws or regulations, including but not limited to the EU Convention on Cybercrime, national computer fraud and abuse statutes, and data protection laws;
• Using scan results, vulnerability findings, or any information obtained through the Service for extortion, blackmail, intimidation, or threats against any person or entity;
• Selling, trading, disclosing, or otherwise distributing vulnerability information to unauthorized parties, including on dark web forums, vulnerability marketplaces, or similar channels;
• Using the Service to facilitate unauthorized access to systems, networks, or data;
• Using the Service to intentionally disrupt, damage, or impair the availability or performance of any Target or third-party system; and
• Using the Service in connection with any form of harassment, stalking, or surveillance.

3.3 Platform abuse

• Sharing, selling, transferring, or sublicensing your Intrudify account or credentials to any third party;
• Creating multiple accounts to circumvent usage limits, verification requirements, or account suspensions;
• Attempting to reverse engineer, decompile, disassemble, or otherwise derive the source code, algorithms, AI models, or underlying technology of the Service;
• Interfering with or disrupting the Service, its infrastructure, or other users' access to the Service;
• Scraping, crawling, or extracting data from the Service in an automated manner for purposes other than using the Service as intended;
• Using the Service to build, train, or improve a competing product or service; and
• Circumventing or attempting to circumvent any usage limits, rate limits, or access controls.

3.4 Harmful targets

• Scanning critical infrastructure (power grids, water systems, emergency services, air traffic control, healthcare systems) without proper authorization chains that include explicit acknowledgment from the infrastructure operator;
• Scanning government systems without proper government authorization; and
• Scanning shared hosting environments where testing could affect systems or data belonging to third parties who have not provided authorization.

4. Your responsibilities

In addition to complying with the prohibitions above, you are responsible for:

• Ensuring that all authorized users of your account are aware of and comply with this AUP;
• Maintaining valid and current authorization for all Targets throughout the period of testing;
• Promptly notifying Intrudify at [email protected] if you become aware of any unauthorized use of your account or any violation of this AUP;
• Keeping your authorization documents, scan results, and reports secure and accessible only to authorized personnel; and
• Cooperating with Intrudify in any investigation of suspected violations of this AUP.

5. Monitoring and enforcement

5.1 Monitoring

Intrudify reserves the right to monitor use of the Service to ensure compliance with this AUP. Monitoring may include reviewing scan patterns, domain verification submissions, authorization documents, and account activity. Intrudify will conduct such monitoring in a manner consistent with its Privacy Policy and applicable law.

5.2 Enforcement actions

If Intrudify determines, in its reasonable judgment, that a violation of this AUP has occurred or is likely to occur, Intrudify may take one or more of the following actions:

• Issue a written warning to the Customer;
• Temporarily suspend the Customer's access to the Service pending investigation;
• Permanently terminate the Customer's account;
• Forfeit all fees paid by the Customer without refund;
• Report the violation to relevant law enforcement authorities;
• Cooperate fully with any resulting law enforcement investigation; and
• Pursue legal action, including the indemnification obligations under the Terms of Service.

5.3 No obligation to monitor

While Intrudify reserves the right to monitor compliance, Intrudify is under no obligation to do so and shall not be liable for any failure to detect or prevent violations of this AUP.

6. Reporting violations

If you become aware of any use of the Intrudify platform that violates this AUP, please report it immediately to [email protected]. Reports will be treated confidentially to the extent possible.

7. Changes to this policy

Intrudify reserves the right to modify this AUP at any time. Material changes will be communicated to you via email at least fifteen (15) days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the modified AUP.