Acceptable Use Policy | VertaaUX

1. Scope

This Acceptable Use Policy ("AUP") is published by Digitaltableteur Tmi (FI22264455-2), trading as VertaaUX, and governs your access to and use of all VertaaUX products and services, including the web application, CLI tool, SDKs, REST API, GitHub Action, MCP Server, browser extension, and VS Code extension. It is incorporated into our Terms of Service.

2. Core rule: authorized auditing only

You may only audit websites and web applications that you own or that you have explicit permission to test. This includes permission from the site owner (or an authorized representative) to run automated checks and analyze page behavior.

If you are an agency or consultant, you must have your client's permission for each target you audit.

3. Prohibited use

You agree not to use the Service to:

Probe, scan, or test targets you do not have permission to audit (including "drive-by" security testing).
Break or bypass access controls, rate limits, authentication, paywalls, or usage restrictions.
Reverse engineer, decompile, disassemble, or attempt to extract source code, models, prompts, or proprietary logic.
Use the Service to build a competing product or to benchmark for competitive intelligence at scale.
Automate excessive requests that degrade Service performance, overload our infrastructure, or create unreasonable load on third-party sites.
Upload, transmit, or process unlawful content, or content that infringes intellectual property rights.
Use the Service for harassment, discrimination, threats, or any abusive behavior.
Attempt to access another user's data, audit history, reports, or share links without authorization.
Use the Service to process special categories of personal data (e.g., health, biometrics, political opinions) unless explicitly agreed in writing (typically Enterprise + DPA addendum).

4. API, automation, and scraping rules

4.1 Use within your plan limits

If you use the API, you must comply with your plan's rate limits and usage caps. You must not attempt to circumvent limits by rotating keys, accounts, or IP addresses.

4.2 Protect your credentials

You must keep API keys and access tokens confidential and must not publish them in public repositories or client-side code.

4.3 No scraping of VertaaUX

You may not scrape the VertaaUX UI or endpoints to extract data at scale outside documented export/API features.

5. Responsible auditing

Automated audits can create load on the sites you test. You agree to run audits responsibly:

Prefer staging environments when possible.
Avoid high-frequency re-audits in short time windows.
Respect robots.txt and site policies where applicable.
Do not attempt to exploit vulnerabilities or access non-public areas.

6. Enforcement

If we reasonably believe you violated this AUP, we will apply graduated enforcement proportionate to the severity:

Warning: Written notice describing the violation and required corrective action
Rate limiting: Temporary restriction of API calls or audit requests
Suspension: Temporary suspension of account access (typically 7-30 days)
Termination: Permanent account termination for repeated or severe violations

Severe violations (unauthorized access, data exfiltration, or illegal activity) may result in immediate suspension without prior warning.

Account termination for AUP violations typically makes the account ineligible for refunds (see Refund & Cancellation Policy).

6.1 Appeals

If you believe an enforcement action was taken in error, you may appeal by emailing legal@vertaaux.ai within 14 days of the action. Include your account email and a description of why you believe the action was incorrect. We will review your appeal and respond within 10 business days.

7. Reporting abuse

If you discover a security issue or believe someone is abusing the Service, please report it to security@vertaaux.ai with details.

8. Changes to this Policy

We may update this AUP from time to time. Material changes will be posted here with an updated date.

9. Contact

Support: support@vertaaux.ai
Legal: legal@vertaaux.ai