
Acceptable Use Policy

The guardrails around how Sentinelle may be used. This policy exists because the product performs real offensive-security actions, and authorised use needs to be explicit.

Effective · 2026-05-04
Last updated · 2026-05-04

01

Purpose

This Acceptable Use Policy ("AUP") explains the uses of the Sentinelle platform, agent and APIs that are permitted and prohibited. It supplements the Terms of Service and applies to every user, workspace, API token and mission.

Sentinelle is designed for authorised offensive-security work. Because the product can generate real traffic and real exploit activity, this AUP is intended to prevent misuse, reduce collateral harm and protect customers, asset owners and the broader internet ecosystem.

02

Authorised Use Only

You may use the Service only for lawful, authorised security testing, exposure validation, defensive research and related internal security workflows. You must have a valid legal basis and sufficient written permission before directing the Service at any target you do not own.

  • Use only against systems you own or are explicitly authorised to test.
  • Stay within the defined rules of engagement, target scope, rate limits and time windows.
  • Use the minimum level of force and access necessary to establish the authorised security objective.

03

Prohibited Uses

You may not use the Service to:

  • perform illegal intrusion, unauthorised access, account takeover, persistence, lateral movement or data exfiltration against third parties;
  • bypass law, regulation, sanctions, export restrictions, law-enforcement orders or court orders;
  • weaponise findings into malware, destructive payloads, phishing kits, exploit kits, ransomware or extortion workflows;
  • harvest credentials, session tokens, personal information or secrets except where strictly necessary to prove an authorised security issue within scope;
  • disrupt availability, destroy data, degrade service quality or cause collateral damage outside the bounds of an authorised engagement;
  • abuse bug-bounty or coordinated disclosure programs by operating outside scope, exceeding authorised methods, ignoring platform rate limits or withholding material impact for leverage;
  • use the Service on behalf of a third party where you do not have authority to bind that party or evidence of their authorisation;
  • attempt to hide misuse, spoof attribution, tamper with logs, or circumvent Sentinelle monitoring or scope controls.

04

Bug Bounty & Third-Party Program Rules

If you use the Service under a bug-bounty, VDP or third-party testing program, you are responsible for reviewing and following that program's exact terms. Program rules may be stricter than our default product controls.

  • Do not assume a program permits autonomous testing unless it says so clearly.
  • Do not exceed allowed targets, methods, concurrency, rates or proof-of-impact limits.
  • Do not continue testing after a warning, revocation, scope change or instruction to stop.

05

Monitoring & Enforcement

We may monitor usage metadata, mission parameters, safety signals and other telemetry necessary to enforce this AUP, protect the Service and investigate suspected misuse.

If we reasonably suspect misuse, we may limit capabilities, pause missions, revoke tokens, suspend workspaces or terminate access immediately and without liability. We may also preserve logs and cooperate with affected asset owners, vendors, platforms, law enforcement or regulators as appropriate.

06

Reporting Suspected Abuse

If you believe the Service is being used unlawfully or outside authorised scope, contact us at abuse@sentinelle.ai or security@sentinelle.ai with the relevant details. We review good-faith reports promptly.

07

Changes to This Policy

We may update this AUP from time to time to reflect product changes, legal developments or new abuse patterns. Material updates will be posted here and, where appropriate, communicated through the Service or by email.