Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ("AUP") governs the use of the Sandworm Security platform, including all CloudGuard, Sandworm SIEM, Sandworm EDR, Stillsuit, and Sandworm SASE products (the "Services"). It is incorporated by reference into the Terms of Service. By using the Services, you agree to comply with this AUP.

Sandworm builds security tools. Many of those tools are dual-use: the same capability that lets you detect an attacker can, if misused, be an attack. We take that responsibility seriously and expect our customers to do the same.

2. Prohibited uses

You may not use the Services to do any of the following:

2.1 Unauthorized access or attack

• Attack, scan, probe, exploit, brute-force, or otherwise test the security of any system you do not own or do not have explicit written authorization to assess.
• Bypass authentication or authorization controls on systems that are not yours.
• Use vulnerability scanners, exploit frameworks, credential testing tools, or adversary simulation features against third parties without authorization.
• Use the Sandworm SASE VPN or Stillsuit NGFW/WAF to obscure the origin of attacks, bypass WAF protections on third-party systems, or evade law enforcement.

2.2 Abuse of shared infrastructure

• Launch denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks from Sandworm infrastructure or against it.
• Attempt to access, enumerate, or interfere with other customers' tenants, data, or infrastructure.
• Conduct unsolicited port scanning of arbitrary IP space from Sandworm-hosted services.
• Consume disproportionate resources in a way that degrades service for other customers.

2.3 Reverse engineering and tampering

• Reverse engineer, decompile, disassemble, or attempt to extract source code from any component of the Services.
• Tamper with, modify, or disable Sandworm agents in ways that misrepresent their output (e.g., to defeat license enforcement or tenant isolation).
• Remove, alter, or obscure copyright, trademark, or attribution notices.

2.4 Commercial abuse

• Resell, sublicense, white-label, or otherwise provide the Services to third parties without an authorized reseller agreement.
• Use the Services to benchmark or build a competing product without written permission.
• Create an account on behalf of an organization without authority to do so.
• Use stolen payment methods or commit chargeback fraud.

2.5 Unlawful or harmful content

• Upload, transmit, or store malware samples except in sandboxed analysis features provided for that purpose and in accordance with published guidance.
• Use the Services to harass, threaten, defame, or harm others.
• Store or transmit content that is illegal under applicable law.
• Violate export control laws (EAR, OFAC, ITAR, or equivalent).

2.6 Privacy violations

• Use the Services to process personal data in violation of GDPR, CCPA, or other applicable privacy laws.
• Exfiltrate or monitor employee communications without appropriate legal authority and disclosure.
• Ingest data from individuals who have not been given appropriate notice under applicable law.

3. Dual-use security tooling

Sandworm ships tools that are legitimately used for authorized security testing — vulnerability scanning, adversary simulation, credential testing, network fuzzing, and similar. You may use these features only:

• Against systems you own or have explicit written authorization to test.
• Within the scope of that authorization (do not exceed the agreed-upon rules of engagement).
• In a manner that does not endanger third parties.
• In accordance with all applicable laws in your jurisdiction.

When in doubt, ask. Contact jacobhendrick@sandworm-security.com or your account manager for guidance before engaging in an unusual testing scenario.

4. Reporting abuse

If you believe someone is abusing the Sandworm platform — attacking your systems, sending unsolicited traffic, hosting malicious content in a tenant, or otherwise violating this AUP — please report it:

• Abuse reports: jacobhendrick@sandworm-security.com
• Security issues: jacobhendrick@sandworm-security.com
• Legal / law enforcement requests: jacobhendrick@sandworm-security.com

Please include in your report: the nature of the abuse, any identifiers you can share (source IPs, timestamps, URLs, email headers), and whether you are acting on behalf of an organization. We acknowledge abuse reports within 24 hours of receipt and investigate within 72 hours.

5. Enforcement and consequences

Sandworm reserves the right to take any of the following actions in response to a suspected AUP violation, depending on severity:

• Warning — written notice and a request to stop the offending activity.
• Feature restriction — temporary disabling of specific features (e.g., scanning capabilities).
• Account suspension — temporary suspension pending investigation.
• Account termination — permanent termination with no refund, with 30 days' notice for non-security violations or immediately for active security threats.
• Law enforcement referral — Sandworm will cooperate with law enforcement where required by law or where we believe a crime is occurring.
• Civil claims — recovery of damages caused by violations, including abuse of the SLA dispute process or theft of service.

Sandworm will attempt to notify the account owner of enforcement action unless doing so would compromise an active investigation.