Acceptable Use Policy

1. Purpose

This Acceptable Use Policy describes prohibited uses of DataStun. It exists to protect our customers, our infrastructure, and the broader internet ecosystem. It is incorporated into the Terms of Service by reference; violating it is a breach of the Terms.

2. Prohibited uses

You may not use DataStun, directly or indirectly, to:

• Break the law. Violate any applicable law or regulation, including export-control, sanctions, privacy, telecommunications, employment, wiretap, or computer-fraud statutes.
• Infringe rights. Infringe copyright, trademark, patent, trade-secret, publicity, privacy, or other intellectual property or proprietary rights of any party.
• Distribute malware. Upload, transmit, or facilitate the distribution of viruses, worms, ransomware, spyware, keystroke loggers, or any other malicious code.
• Attack our systems. Probe, scan, penetrate, or otherwise test the security or integrity of DataStun’s infrastructure or any other customer’s tenant, except through a vulnerability-disclosure process we have explicitly authorized in writing.
• Reverse engineer the service. Reverse engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or trade secrets of the agent, ten, or rep, except to the extent applicable law expressly permits despite this prohibition.
• Test systems you do not own. Test, scan, probe, analyze the security of, or perform any active assessment against any network, system, host, application, or service that you do not own or for which you do not hold explicit written authorization to test from the owner. DataStun is a security product. Using it against third-party systems without authorization is unauthorized access and, in most jurisdictions, a crime. Responsibility for any unauthorized testing falls entirely on you.
• Monitor people unlawfully. Use the agent to monitor any individual where you lack the legal authority to do so, including but not limited to monitoring employees, contractors, students, family members, or others in violation of applicable electronic-monitoring, wiretap, or workplace-privacy statutes.
• Bypass tenant isolation. Access, query, or attempt to access data belonging to another customer’s tenant, or attempt to enumerate other tenants, accounts, agents, or reputation-cache entries.
• Overwhelm or enumerate our infrastructure. Submit requests (reputation lookups, telemetry, support tickets, sign-up attempts, or otherwise) in volumes or patterns designed to overwhelm the service, harm other customers, or enumerate our internal state.
• Resell or sublicense. Resell, sublicense, lease, time-share, white-label, or otherwise make the service available to any third party, except as expressly permitted under a signed addendum.
• Harass. Use the service to harass, stalk, threaten, dox, defame, or harm any individual.
• Submit data you do not have the right to submit. Submit any data — including personal data, customer content, or third-party information — that you do not have the legal right to submit.
• Submit regulated data we do not authorize. Submit data subject to regulatory regimes we have not agreed to handle, including but not limited to protected health information under HIPAA, payment card data subject to PCI DSS, classified information, or data subject to export-control restrictions, unless we have agreed in writing to receive it.
• Use automated access except through documented APIs. Scrape, crawl, or use bots, spiders, or automated means to access the service except through APIs we publicly document, and only within published rate limits.
• Develop a competing product. Use the service, our documentation, or any access we provide to design, build, or improve a product or service that competes with DataStun.
• Misrepresent identity. Misrepresent your identity, your affiliation with any organization, or your authority to bind any entity.
• Circumvent controls. Bypass, attempt to bypass, or assist others in bypassing tier gates, rate limits, billing, audit logging, or any other control we have placed on the service.

3. Consequences

A violation of this AUP may result in any of the following, at our discretion and without prior notice where the circumstances warrant:

• Suspension or termination of your account, your tenant, individual agents, API keys, or installer packages.
• Removal or quarantine of content you have submitted.
• Forfeiture of any prepaid fees, where the violation was material.
• Reporting to law enforcement, regulatory authorities, or other affected parties, including disclosure of relevant account, telemetry, or audit data where lawful.
• Civil or criminal legal action, including injunctive relief and damages.

We may enforce this AUP in our sole discretion. Choosing not to enforce a particular violation is not a waiver of our right to enforce later.

4. Reporting violations

If you believe another user, an agent, or any party is violating this AUP — for example, distributing malware through the service, abusing our infrastructure, or testing systems without authorization — report it to [email protected]. Include as much detail as you can: account or tenant identifiers if known, timestamps, IPs, and a description of the suspected behavior. We will review and respond as we deem appropriate.