Acceptable Use Policy

Effective: June 14, 2026

This Acceptable Use Policy ("AUP") governs all use of the Cabreza platform, websites, applications, APIs, and related services (collectively, the "Services"). It is incorporated into and forms part of the Cabreza Terms of Service ("Terms"). Capitalized terms not defined here have the meaning given in the Terms.

By using the Services, the Customer and each of its Authorized Users agree to this AUP. Violations may result in suspension, limitation, or termination of access as described in the Enforcement section below and in the Terms' termination provisions.

This AUP should be read alongside the Privacy Policy, the Developer/API Terms, and the Intelligence Sourcing & Takedown Policy, each of which governs related aspects of the Services.

1. Definitions (Restated for Reference)

  • "Services" — the Cabreza platform, websites, applications, APIs, and related services.
  • "Customer" / "you" — the organization that has agreed to the Terms.
  • "Authorized Users" — individuals the Customer permits to use the Services under its Account.
  • "Customer Content" — data, documents, files, and information submitted to or created in the Services by the Customer or its Authorized Users, including the Customer's private Digital Twin.
  • "Platform Intelligence" — the entity, vulnerability, regulatory, standards, and threat-intelligence data Cabreza compiles, curates, and makes available through the Services, including OSINT-derived intelligence about organizations and individuals.
  • "Generated Output" — content produced by the Services' AI features at the Customer's direction.
  • "Cooper" — the AI assistant within the Services.

2. General Prohibited Conduct

The Customer must not, and must not permit any Authorized User or third party to:

  1. Unlawful Use. Use the Services for any purpose that violates applicable law or regulation, or in any way that facilitates illegal activity.

  2. Intellectual Property Infringement. Upload, transmit, or distribute content that infringes any copyright, trademark, trade secret, patent, or other intellectual property right of any party.

  3. Circumventing Controls. Circumvent, disable, or attempt to bypass any security feature, access control, usage limit (including active-target caps, Credit limits, and entitlement gates), or authentication mechanism.

  4. Credential and Key Sharing. Share account credentials, API keys, or session tokens with any person who is not an Authorized User. Each set of credentials is for the use of a single named individual or authorized system.

  5. Automated Scraping or Data Mining. Use bots, crawlers, scrapers, or any automated means to extract, index, copy, or mirror the Services, the Platform Intelligence corpus, or any content made available through the Services, except through Cabreza's published API in accordance with the Developer/API Terms.

  6. Service Interference. Take any action that imposes an unreasonable or disproportionate load on the Services' infrastructure; interfere with or disrupt the Services, their servers, or networks connected to them; or introduce any denial-of-service attack, flood, or packet-injection.

  7. Reverse Engineering. Decompile, disassemble, reverse engineer, or attempt to derive source code, models, prompts, or underlying logic from any part of the Services, except to the extent expressly permitted by applicable law that cannot be waived by contract.

  8. Competing Product or Model Training. Use the Services, the Platform Intelligence, or any Generated Output to build, benchmark, or train a product or service that competes with Cabreza, or to train, fine-tune, or evaluate any machine-learning or AI model, except for internal use within the Customer's own environment on the Customer's own Customer Content.

  9. Malware. Upload, transmit, or introduce any virus, worm, Trojan horse, ransomware, spyware, or other malicious or harmful code.

  10. Identity Falsification. Impersonate any person or entity; misrepresent your affiliation, authority, or identity; or create accounts by automated means, bulk registration, or on behalf of fictitious persons or organizations.

  11. Harassment of Cabreza Personnel. Harass, abuse, threaten, or intimidate Cabreza employees, contractors, or agents.

3. AI-Specific Prohibited Conduct

The Customer must not, and must not permit any Authorized User to:

  1. Jailbreaking and Prompt Injection. Attempt to jailbreak, prompt-inject, manipulate, or subvert the model safeguards, content filters, or safety controls of Cooper or any other AI feature within the Services. Cabreza fences untrusted external content in its prompts specifically to resist injection attacks; any attempt to exploit or bypass this architecture is a violation of this AUP.

  2. Harmful or Unlawful Content Generation. Use Cooper or any content-generation feature to produce, publish, or distribute content that is unlawful, defamatory, fraudulent, obscene, harassing, infringing, or otherwise harmful; or to generate content designed to deceive or manipulate individuals or systems in a damaging way.

  3. Reliance on Generated Output as Professional Advice. Rely on Generated Output — including AI-drafted compliance documents, standards mappings, posture summaries, or assistant responses — as legal, regulatory, compliance, engineering, security, or other professional advice without independent verification. As stated in the Terms' "No Professional Advice" clause, the Customer is solely responsible for verifying Generated Output before using it for any compliance, operational, or business decision.

  4. Corpus Extraction. Use the Services, Cooper, or the API to bulk-extract, reconstruct, or systematically replicate the Platform Intelligence corpus or any substantial portion of it, whether by querying, prompting, or otherwise; this includes using the API or assistant in ways designed to reassemble proprietary intelligence data outside the Services.

4. Intelligence and Third-Party Data

Platform Intelligence includes information about organizations, individuals, vulnerabilities, exposures, and other entities that Cabreza compiles from public and licensed sources. This intelligence is provided to support legitimate security, risk management, and business purposes. The Customer agrees to:

  1. Lawful Purpose Only. Use Platform Intelligence — including information about third-party organizations or individuals — only for lawful security, risk, compliance, and business purposes consistent with applicable law and these Terms.

  2. No Harassment, Stalking, or Targeting. Not use Platform Intelligence, exposure data, or any information derived from the Services to harass, stalk, dox, intimidate, discriminate against, or unlawfully target any organization, individual, group, or protected class.

  3. No Unauthorized System Access. Not use leaked-credential findings, exposure data, discovered vulnerabilities, or any other Platform Intelligence to attempt unauthorized access to, intrude upon, exploit, or attack any computer system, network, or device belonging to any third party. Possessing exposure or vulnerability data through the Services creates no authorization to act on it against systems the Customer does not own or have explicit permission to test.

  4. No Weaponization or Unlawful Redistribution. Not weaponize Platform Intelligence against individuals or organizations, and not republish or distribute Platform Intelligence in any manner that violates applicable law, Cabreza's rights, or third-party rights.

  5. Removal Requests. Organizations or individuals who believe information about them appears incorrectly in the Platform Intelligence should follow the process described in the Intelligence Sourcing & Takedown Policy.

5. API and Developer Conduct

In addition to the Developer/API Terms, the following apply to all API access:

  1. Rate Limits. Do not exceed documented rate limits or attempt to circumvent them through key rotation, distributed requests, or any other technique.

  2. Key Confidentiality. API keys are confidential. Do not embed keys in publicly accessible code repositories, client-side code, or shared environments where unauthorized parties may access them.

  3. No Automated Abuse. Do not use the API for automated abuse, scraping in excess of permitted uses, or to generate synthetic traffic that is not representative of genuine usage.

  4. Publisher-Restricted Content. Some reference content accessible through the Services is licensed from third-party publishers under restrictions that prohibit redistribution or AI ingestion. Content flagged as restricted must not be redistributed outside the Services or fed into external AI systems. See the Developer/API Terms for details on identifying and handling restricted content.

6. Security Research and Responsible Disclosure

Do not probe, scan, penetration-test, fuzz, or otherwise attempt to assess the security of Cabreza's own infrastructure, platform, or systems without prior authorization. To report a suspected vulnerability, contact security@cabreza.com.

Reporting a vulnerability through that channel is welcomed and will not be treated as a violation of this AUP, provided the research is conducted without accessing, modifying, or exfiltrating user data, disrupting production services, or exploiting the finding beyond what is necessary to demonstrate the vulnerability.

7. Customer Responsibility for Authorized Users

The Customer is responsible for ensuring that all Authorized Users are aware of and comply with this AUP. A violation of this AUP by an Authorized User is a violation by the Customer. The Customer must take prompt action to remediate any violation it becomes aware of and must cooperate with Cabreza in investigating suspected violations.

8. Enforcement

Cabreza reserves the right to:

  • Suspend, limit, or throttle any Account or Authorized User's access immediately and without prior notice when necessary to protect the Services, other customers, or third parties from harm, abuse, or unlawful use.
  • Terminate access to the Services for material or repeated violations of this AUP, in accordance with the Terms' termination provisions.
  • Remove or disable any Customer Content or activity that violates this AUP.
  • Cooperate with law enforcement, regulators, or affected third parties in connection with any suspected unlawful use of the Services.

Emergency action — including immediate suspension — may be taken without prior notice when Cabreza determines in good faith that a violation poses an immediate risk of harm to the Services, other customers, or third parties. Where circumstances permit, Cabreza will provide notice and an opportunity to cure before taking action against a non-emergency violation.

Enforcement does not limit any other remedies available to Cabreza under the Terms or applicable law.

9. Reporting

Abuse and AUP violations: Contact abuse@cabreza.com to report conduct you believe violates this AUP.

Security vulnerabilities: Contact security@cabreza.com to report a security vulnerability in the Services.

Intelligence removal requests: To request removal of information about your organization from the Platform Intelligence, follow the Intelligence Sourcing & Takedown Policy.

10. Changes to This AUP

Cabreza may update this AUP from time to time. The revised version will be posted to our website and the effective date updated. Material changes will be notified to Customers in accordance with the notification provisions in the Terms. Continued use of the Services after the effective date of a change constitutes acceptance of the updated AUP.

This AUP is incorporated into the Cabreza Terms of Service. In the event of a conflict between this AUP and the Terms, the Terms control.