Skip to main content
VertaaUXVertaaUX

Acceptable Use Policy

Last updated: December 20, 2025

1. Scope

This Acceptable Use Policy ("AUP") governs your access to and use of VertaaUX. It is incorporated into our Terms of Service.

2. Core rule: authorized auditing only

You may only audit websites and web applications that you own or that you have explicit permission to test. This includes permission from the site owner (or an authorized representative) to run automated checks and analyze page behavior.

If you are an agency or consultant, you must have your client's permission for each target you audit.

3. Prohibited use

You agree not to use the Service to:

  • Probe, scan, or test targets you do not have permission to audit (including "drive-by" security testing).
  • Break or bypass access controls, rate limits, authentication, paywalls, or usage restrictions.
  • Reverse engineer, decompile, disassemble, or attempt to extract source code, models, prompts, or proprietary logic.
  • Use the Service to build a competing product or to benchmark for competitive intelligence at scale.
  • Automate excessive requests that degrade Service performance, overload our infrastructure, or create unreasonable load on third-party sites.
  • Upload, transmit, or process unlawful content, or content that infringes intellectual property rights.
  • Use the Service for harassment, discrimination, threats, or any abusive behavior.
  • Attempt to access another user's data, audit history, reports, or share links without authorization.
  • Use the Service to process special categories of personal data (e.g., health, biometrics, political opinions) unless explicitly agreed in writing (typically Enterprise + DPA addendum).

4. API, automation, and scraping rules

4.1 Use within your plan limits

If you use the API, you must comply with your plan's rate limits and usage caps. You must not attempt to circumvent limits by rotating keys, accounts, or IP addresses.

4.2 Protect your credentials

You must keep API keys and access tokens confidential and must not publish them in public repositories or client-side code.

4.3 No scraping of VertaaUX

You may not scrape the VertaaUX UI or endpoints to extract data at scale outside documented export/API features.

5. Responsible auditing

Automated audits can create load on the sites you test. You agree to run audits responsibly:

  • Prefer staging environments when possible.
  • Avoid high-frequency re-audits in short time windows.
  • Respect robots.txt and site policies where applicable.
  • Do not attempt to exploit vulnerabilities or access non-public areas.

6. Enforcement

If we reasonably believe you violated this AUP, we may:

  • Rate limit or block specific requests
  • Suspend or terminate your account
  • Remove or disable access to reports or share links
  • Report abusive activity to relevant parties where legally required

Account termination for AUP violations typically makes the account ineligible for refunds (see Refund & Cancellation Policy).

7. Reporting abuse

If you discover a security issue or believe someone is abusing the Service, please report it to security@vertaaux.ai with details.

8. Changes to this Policy

We may update this AUP from time to time. Material changes will be posted here with an updated date.

9. Contact