Acceptable Use Policy
Effective date: 2026-05-11
1. Purpose and Scope
This Acceptable Use Policy (the "AUP") sets the boundaries of acceptable use for the threathunter.com Services and applies to all Customers and their Authorised Users. The AUP is an integral part of the Terms of Service; a breach of the AUP is treated as a breach of those Terms.
Because of the nature of threat intelligence, misuse of the Services could cause serious harm. This AUP exists to ensure that the Services are used for legitimate security, fraud-prevention, brand-protection, and compliance purposes — and not as a tool for infringement, surveillance, or anti-competitive activity.
2. The Four Red Lines (Strictly Prohibited)
The following four categories of use constitute a material breach of this AUP. We will suspend or terminate the offending account immediately, and reserve the right to pursue any legal remedy available to us.
2.1 Red Line 1 — Harassment, Stalking, or Revenge Against Individuals
You may not use the Services to:
- Stalk, harass, threaten, or intimidate any individual;
- Carry out "doxxing" (publishing personal identifiers for the purpose of causing harm);
- Investigate a specific individual out of personal revenge, romantic dispute, or family dispute; or
- Investigate an individual with whom you have no lawful business relationship or legitimate interest.
2.2 Red Line 2 — Unauthorised Surveillance
You may not use the Services to:
- Surveil employees, consumers, users, or any other individuals beyond what local labour-law / privacy-law permits;
- Assist any government or private actor in conducting mass surveillance not authorised by law;
- Surveil or track political dissidents, journalists, human-rights defenders, or members of minority groups; or
- Assist in conduct that violates international human-rights law.
2.3 Red Line 3 — Resale or Redistribution of Intelligence Data
You may not:
- Resell, sublicense, or transfer Intelligence Data obtained through the Services to any third party;
- Publicly release large volumes of Intelligence Data (beyond occasional reference);
- Build any commercial service whose business model depends on redistributing our Intelligence Data; or
- Reverse engineer or competitively reconstruct our intelligence collection or processing systems.
2.4 Red Line 4 — Training Third-Party AI Models
You may not:
- Use the output of the Services (including conversation responses, reports, and Intelligence Data) to train, fine-tune, or evaluate any AI model — your own or any third party's (including without limitation LLMs and machine-learning classifiers); or
- Systematically or automatically scrape the output of the Services to build a competing dataset.
3. General Compliance Obligations
In addition to the four Red Lines, when using the Services you must:
3.1 Comply with Applicable Law
Including without limitation:
- Data-protection laws (GDPR / UK GDPR / PDPA / CCPA, etc.);
- Anti-fraud laws;
- Anti-Money Laundering (AML) and anti-bribery laws;
- Intellectual-property laws;
- Export controls and economic sanctions (see Terms §15); and
- Any other law applicable in your jurisdiction.
3.2 Maintain a Lawful Basis for Each Query
As required by Terms §5.1, for every query involving an identifiable individual, you must have a lawful purpose and a legitimate basis. Examples of legitimate use:
- ✅ Investigating fraud, cyberattacks, or brand abuse against your company or your customers;
- ✅ Fulfilling a legal or regulatory obligation (KYC / AML / fraud monitoring);
- ✅ Internal security operations (SOC), incident response, threat hunting;
- ✅ Protecting your company's or customers' legitimate rights or intellectual property; or
- ✅ Academic or industry research (subject to reasonable ethics review).
3.3 Responsible Account Use
- Do not share account credentials with unauthorised users;
- Do not create multiple accounts to evade quotas or bans;
- Do not use scripts, bots, or headless browsers to bypass rate limits or quotas; and
- Do not attempt unauthorised access to other customers' accounts or our back-end systems.
3.4 System Integrity
- Do not run penetration tests, vulnerability scans, or stress tests without prior written consent from security@threathunter.com;
- Do not upload malicious code, viruses, worms, ransomware, or any other destructive content; and
- Do not attempt to interfere with, weaken, or compromise the availability, integrity, or confidentiality of the Services.
3.5 Content Standards
- Do not upload unlawful, obscene, violent, fraudulent, or deceptive content to the Services;
- Do not impersonate any other person (including Threat Hunter employees); and
- Do not upload unredacted data about children, even where related to a fraud investigation.
4. Data-Subject Response Obligations
When your query involves an identifiable individual, you (acting as Data Controller) are responsible for handling:
- Data-subject requests from that individual (access, deletion, objection, etc.);
- Investigations or inquiries from supervisory authorities; and
- Damage claims resulting from your query activity.
See the Data Processing Agreement for further detail.
5. Enforcement
5.1 Our Rights
We reserve the following rights, exercisable individually or together as appropriate:
- To investigate suspected breaches of this AUP;
- To require evidence supporting your compliance (for example, a description of the lawful basis for a query);
- To suspend access to the Services immediately (pending investigation or remediation);
- To terminate the account immediately (for material or repeated breaches); and
- To report to supervisory authorities or law enforcement when required by law or in cases involving threats to personal safety.
5.2 No Pre-Review
We do not pre-review your queries (respecting your independence as a Data Controller and protecting your commercial confidentiality). However, we reserve after-the-fact audit rights — for example, after a complaint, a regulatory request, or when our anomaly detection flags a query for review.
5.3 Appeals
If you believe our suspension or termination decision was made in error, please email legal@threathunter.com. We will respond within 14 days.
6. Reporting Abuse
If you observe another user's possible breach of this AUP, or if you suspect your account has been compromised, please email:
- abuse-reports@threathunter.com — for reports of user violations
- security@threathunter.com — for security incidents or account compromise
Please provide, where possible: the email address or company name of the offending account, a description of the conduct, supporting evidence (screenshots / logs), and your contact information.
We protect the identity of good-faith reporters (except where disclosure is compelled by law).
7. Revisions to This AUP
We may revise this AUP from time to time. We will notify you of material changes (new Red Lines or broader prohibitions) by:
- An in-product banner displayed for at least 30 days;
- Email to all active customers; and
- Requiring you to re-confirm on your next login.
Minor revisions (wording adjustments, examples added) take effect on publication without separate notice.
8. Contact Information
| Purpose | Contact |
|---|---|
| AUP appeals / legal matters | legal@threathunter.com |
| Abuse reports | abuse-reports@threathunter.com |
| Security incidents | security@threathunter.com |
Last updated: 2026-05-11 · Version: 2026-05-11