Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ("AUP") defines the permitted and prohibited uses of the Zapdor security scanning platform. All users must comply with this AUP in addition to our Terms of Service and applicable laws.

2. Authorized Use

2.1 Permitted Activities

• Security testing of assets you own or have explicit written authorization to test
• Vulnerability assessment for authorized systems
• Compliance testing for regulated environments
• Educational and research purposes with proper authorization
• Security testing under valid contracts

2.2 Authorization Requirements

• Written authorization must be obtained before scanning any target
• Authorization must specify the scope, duration, and limitations of testing
• Proof of authorization must be provided upon request
• Authorization must be from the legal owner or authorized representative

3. Prohibited Activities

3.1 Unauthorized Scanning

STRICTLY PROHIBITED:

• Scanning systems without explicit written authorization
• Testing third-party systems without permission
• Scanning systems you do not own or control
• Automated scanning of random targets
• Scanning for malicious purposes

3.2 Prohibited Targets

DO NOT SCAN:

• Government or military systems without proper authorization
• Critical infrastructure (power, water, transportation) without permission
• Financial institutions without explicit authorization
• Healthcare systems without proper authorization
• Educational institutions without permission
• Systems in countries where such scanning is illegal

3.3 High-Risk Activities

PROHIBITED:

• Denial of Service (DoS) attacks
• Distributed Denial of Service (DDoS) attacks
• Brute force attacks
• Social engineering attacks
• Phishing or fraud attempts
• Malware distribution or testing
• Data exfiltration or theft

4. Geographic Restrictions

4.1 Sanctioned Countries

RESTRICTED OR BLOCKED:

• Countries under international sanctions
• Countries with strict cybersecurity laws
• Countries where security scanning is prohibited

5. Data Protection and Privacy

5.1 Personal Data

• Do not scan systems containing personal data without proper authorization
• Comply with data protection laws (GDPR, PDPL, etc.)
• Obtain consent for processing personal data
• Implement appropriate safeguards for personal data

6. Abuse Prevention

6.1 Rate Limiting

• Respect rate limits and usage quotas
• Do not attempt to circumvent rate limiting
• Use reasonable scanning frequencies
• Avoid overwhelming target systems

7. Reporting and Disclosure

7.1 Responsible Disclosure

• Report vulnerabilities through proper channels
• Follow responsible disclosure practices
• Do not publicly disclose vulnerabilities without authorization
• Respect embargo periods and coordinated disclosure

8. Account Security

8.1 Account Protection

• Keep account credentials secure
• Use strong, unique passwords
• Enable two-factor authentication
• Report suspicious account activity immediately

9. Consequences of Violations

9.1 Immediate Actions

• Account suspension for policy violations
• Scan termination for unauthorized activities
• Data deletion for serious violations
• Legal action for illegal activities

9.2 Escalation Process

1. Warning: First violation results in a warning
2. Suspension: Repeated violations result in account suspension
3. Termination: Serious violations result in account termination
4. Legal Action: Illegal activities result in legal action

10. Reporting Violations

10.1 How to Report

• Email: robby.ardison@hotmail.com
• Confidentiality: Reports kept confidential
• Retaliation: Protection against retaliation

11. Contact Information

Abuse Reports:

• Email: robby.ardison@hotmail.com

Legal Inquiries:

• Email: robby.ardison@hotmail.com