Legal document

Acceptable Use Policy

Last updated: June 19, 2026

This Acceptable Use Policy ("AUP") applies to all access to and use of the CTI Zero Service. It is incorporated into the Terms of Service. We may update this AUP from time to time; the most recent version always applies.

1. Defensive use only

The Service is provided to support defensive cybersecurity activities — threat monitoring, incident response, vulnerability management, brand and credential exposure monitoring, and security research conducted in good faith. It may not be used to plan, support, conduct or assist offensive operations against systems you are not authorised to test.

2. Prohibited activities

You must not, and must not allow any user or third party to:

Use the Service to attack, probe, scan or otherwise interfere with any system you are not authorised to assess.
Use intelligence data to identify, target, harass, dox or harm individuals.
Use leaked-credential or breach data to gain or attempt to gain unauthorised access to any account or system.
Resell, redistribute or sub-licence raw feed data or our intelligence outputs except as expressly permitted.
Reverse engineer, decompile or attempt to extract source code, models or training data from the Service.
Interfere with or disrupt the integrity or performance of the Service, including by sending excessive requests or bypassing rate limits.
Use the Service to develop a competing product or to benchmark without our prior written consent.
Upload malware, illegal content, or content that infringes third-party rights.
Violate applicable export controls, sanctions or other laws.

3. Credentials and tokens

Protect account credentials, API tokens and webhook secrets. Rotate them when team members leave or when compromise is suspected. You are responsible for activity performed with your credentials.

4. Rate limits and fair use

API and webhook usage is subject to the limits of your plan. We may throttle, suspend or block traffic that exceeds those limits or that harms the stability of the Service.

5. Reporting abuse and vulnerabilities

Abuse of the Service: abuse@ctizero.com
Security vulnerabilities: security@ctizero.com — please provide reproduction steps and allow reasonable time to remediate before disclosure.

6. Enforcement

We may investigate suspected violations and take action including warnings, rate limiting, suspension of specific features, suspension of the account, or termination. Where required, we may cooperate with law enforcement.