Acceptable Usage Policy

Version: 2.0

Last Updated: March 25th, 2025

Introduction

The Acceptable Use Policy (AUP) aims to protect all users of DarkInvader’s External Attack Surface Management (EASM) service and to minimise risk by providing clarity on the behaviours expected and required by DarkInvader.

Purpose

This Acceptable Use Policy outlines the guidelines and standards you must follow when utilising the DarkInvader platform. It specifies acceptable and prohibited activities to ensure responsible use of the platform and to maintain the integrity and security of our services and the data they manage. This Policy should be read in conjunction with our Terms & Conditions (“T\&Cs”) and any other applicable agreements or policies referenced therein.

1. User Responsibilities

To ensure the security, integrity, and lawful use of the DarkInvader platform, all users are expected to adhere to the following responsibilities:

  1. Account Security
    • You must take reasonable steps to protect your account credentials, including using strong passwords and enabling multi-factor authentication.
    • Do not share your login details with others, and ensure any compromised credentials are promptly updated and reported to DarkInvader.
  2. Responsible Use
    • You are responsible for ensuring that all actions performed using your account comply with this Acceptable Use Policy, the T\&Cs, and all applicable laws and regulations.
    • If accessing or using the platform outside England and Wales, you remain responsible for ensuring your activities also comply with local laws.
  3. Ethical Reporting
    • If you identify any vulnerabilities, security risks, or suspicious activity related to the DarkInvader platform, you must report them promptly to [email protected] rather than exploiting or misusing them.
    • Any attempt to circumvent or exploit identified vulnerabilities is strictly prohibited.
  4. Data Protection Compliance
    • When handling any data retrieved from the platform, you must comply with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
    • If you process Personal Data of individuals located outside the UK, you must also comply with the relevant local data protection legislation.
    • You must ensure that any Personal Data is processed lawfully, fairly, and securely.
  5. Lawful Authorisation
    • Before using DarkInvader’s scanning or discovery features, you must obtain legal authorisation from the owner of the assets in question. You are solely responsible for ensuring that your scanning activities are legitimate and compliant with the Computer Misuse Act 1990 or equivalent legislation in other jurisdictions.
  6. Alignment with T\&Cs
    • In the event of any inconsistency between this AUP and the T\&Cs, the T\&Cs will prevail.
    • You are advised to review the T\&Cs for further details regarding liability, indemnification, and dispute resolution.

Failure to uphold these responsibilities may result in enforcement actions as outlined in the Policy Violation Consequences section.

2. Prohibited Uses and Conduct

You are permitted to use the DarkInvader platform solely for lawful purposes. The following actions are explicitly prohibited:

  1. Unauthorised Information Gathering
    • Using the platform to collect, store, or process sensitive information about individuals, organisations, or entities without both legal authorisation and a legitimate purpose.
    • Sensitive information includes personally identifiable information (PII), financial records, authentication credentials, trade secrets, and any other data classified as confidential under applicable laws.
  2. Unauthorised Scanning and Discovery
    • Using the platform’s active scanning features to identify assets, discover vulnerabilities, or probe networks without prior written authorisation from the asset owner or an authorised representative.
    • This includes scanning any assets outside your explicit ownership or control.
  3. Unauthorised Access and System Interference
    • Attempting to gain access to any system, account, or network on the platform without appropriate permissions. This includes activities such as brute-force attacks, privilege escalation, or circumventing authentication mechanisms.
  4. Malicious Software and Harmful Content
    • Uploading, transmitting, or distributing harmful malware, spyware, ransomware, trojans, worms, keyloggers, or any software designed to compromise, damage, or disrupt systems, networks, or data.
    • “Harmful malware” refers to any program or code intentionally created to cause harm, exfiltrate data, or facilitate unauthorised access.
  5. Unlawful or Deceptive Use
    • Using the platform in violation of any local, national, or international laws. This includes storing, transmitting, or sharing content that is fraudulent, defamatory, obscene, or promotes hate speech, violence, or discrimination.
    • Engaging in phishing, identity theft, social engineering attacks, or uploading materials that infringe upon copyright, intellectual property rights, or that promote illicit activities.
  6. Misuse of Platform Data
    • Using platform data to harass, intimidate, or violate the privacy of individuals.
    • Impersonating any individual or organisation, or misrepresenting your affiliation to gain unauthorised access or mislead others.
    • Engaging in excessive data extraction, such as web scraping or automated data harvesting, that adversely impacts the platform’s performance.

3. Policy Violation Consequences

If a violation of this Acceptable Use Policy is suspected, we reserve the right to take any actions we consider necessary and appropriate. Non-compliance with this policy is considered a significant breach of the T\&Cs governing your use of the DarkInvader platform, which can lead to various consequences, including but not limited to:

  1. Access Revocation
    • Your right to use the DarkInvader platform may be immediately, temporarily, or permanently revoked.
  2. Suspension of Services
    • Your access to the platform may be suspended with or without notice if required by a governmental, judicial, or regulatory authority, or if a security risk is identified.
  3. Investigation and Compliance Review
    • DarkInvader reserves the right to investigate suspected violations and request further information from users.
    • You are expected to cooperate fully with any compliance review.
  4. Notification of Violations
    • If a breach is identified, DarkInvader may issue a formal warning, providing details of the violation and any required corrective actions.
  5. Appeal Process
    • If you believe an enforcement action was taken in error, you may submit an appeal within 14 days of the action.
    • Appeals should include relevant evidence supporting your case and will be reviewed by DarkInvader’s compliance team.
    • The final decision will be communicated in writing.
  6. Exclusion of Liability
    • DarkInvader is not liable for any actions taken in response to policy violations, including account suspension, data loss, or service disruption.
  7. Additional Legal or Regulatory Action
    • Depending on the nature of the violation, DarkInvader may escalate the matter to relevant law enforcement or regulatory bodies, particularly in cases of unlawful activity or security threats.
  8. Data Handling upon Termination
    • If your account is terminated or suspended, DarkInvader will handle any associated user data in accordance with our T\&Cs and Data Processing Agreement (where applicable).
    • You will not have access to retrieve data once your account is deactivated, so please ensure you maintain your own backups or copies of any essential data in accordance with the T\&Cs and data protection laws.

4. Governing Law and Jurisdiction for Disputes

The terms outlined in this policy, including its subject matter and formation, as well as any disputes or claims that arise (including those not contractual in nature), are governed by English law. By using the DarkInvader platform, you agree that any legal disputes or claims that cannot be resolved informally will be subject to the exclusive jurisdiction of the courts of England and Wales.

This provision is intended to provide clarity and predictability in the resolution of any issues that may arise during your use of the DarkInvader platform and is consistent with our T\&Cs.

5. Changes to the Terms of This Policy

DarkInvader may update this policy periodically to reflect changes in legal requirements, industry standards, or improvements to the platform. When updates are made, we will notify users via in-app notifications within the DarkInvader platform.

  • Notification and Acceptance
    • It is your responsibility to review any updated policy and ensure continued compliance.
    • By continuing to use the platform after changes take effect, you acknowledge and agree to the revised terms.
    • If you do not agree to the updated terms, you must discontinue use of the platform.
  • Reference to T\&Cs
    • Updates to the AUP are made under the process described in our T\&Cs. If there is any conflict between this AUP and our T\&Cs, the T\&Cs take precedence.

To stay informed about policy changes, we recommend reviewing this Acceptable Use Policy regularly and paying attention to any in-app notifications regarding updates.

For any questions or clarifications regarding this Acceptable Use Policy, please contact us at:

Contact Information

DarkInvader (13636918), Calls Wharf, 2 The Calls, Leeds, LS2 7JU
[email protected]    [email protected]