Skip to content

Legal

Acceptable Use Policy

Effective 2026-06-11.

← All legal documents

This Acceptable Use Policy ("AUP") is incorporated by reference into, and forms part of, the Terms of Service governing your use of the the Resolute Security platform(the "Service") operated by Resolute Security LLC("Resolute Security," "we," "us"). It applies to everyone who accesses or uses the Service — every account holder, authorized user, organization, and anyone acting on their behalf. If you use the Service through an End-User License Agreement, this AUP applies in addition to that agreement. Capitalized terms not defined here have the meanings given in the Terms of Service. Violating this AUP is a breach of the Terms of Service.

1. Purpose and scope

The Service includes tools that actively scan, probe, query, and monitor email domains, hostnames, IP addresses, web properties, and related systems, and that can send simulated phishing messages to people you designate. These are powerful capabilities, and using them against the wrong target — or for the wrong purpose — can cause real harm and can be illegal. This AUP sets the rules that keep the Service a legitimate security and compliance tool. It applies to all use of the Service, including the web application, any APIs, integrations, command-line tools, scan engines, reports, and exported data, and whether your use is manual or automated.

You are responsible for all activity that occurs under your account and for ensuring that every user, employee, contractor, and agent you permit to use the Service complies with this AUP.

2. Authorized targets only

You represent and warrant that you own, or have explicit prior written authorization from the owner to scan, probe, test, query, or monitor, every domain, hostname, IP address, email domain, web property, or system that you submit to, configure in, or test with the Service. This requirement applies to every asset you enter, upload, schedule, or otherwise direct the Service to act against, without exception.

  • You are solely responsible for obtaining that authorization before you run any scan, and for retaining documentary proof of it (for example, written permission from the asset owner, a signed engagement or rules-of-engagement document, or evidence of your own ownership) for as long as you use the Service and for a reasonable period afterward. We may ask you to produce that proof, and you agree to provide it.
  • Submitting an asset to the Service is your affirmative representation, each time you do so, that you hold the required authorization for that asset at that time. If your authorization lapses or is revoked, you must immediately stop scanning, probing, or monitoring the affected asset and remove it from the Service.
  • Scanning, probing, testing, or monitoring assets you do not own and are not authorized to test may violate the U.S. Computer Fraud and Abuse Act (CFAA), state computer-crime statutes, anti-hacking and electronic-communications laws in other jurisdictions, and the contractual rights of third parties. You assume all liability arising from any unauthorized use of the Service, and you will indemnify Resolute Security for it as set out in the Terms of Service.
  • Resolute Security does not pre-verify your authorization for any target and is not a party to your authorization for it. The fact that the Service technically permits a scan does not mean you are authorized to run it — that determination is always yours.

3. Prohibited activities

You must not use the Service, or any output of the Service, to:

  • gain or attempt to gain unauthorized access to, or attack, exploit, compromise, or disrupt, any system, account, network, or data;
  • conduct or facilitate any denial-of-service or distributed denial-of-service (DoS/DDoS) activity, or otherwise flood, overload, or impair any system or network;
  • create, host, transmit, or distribute malware, ransomware, exploit code, or other malicious or harmful code (except non-weaponized, authorized testing strictly within the Service's intended features);
  • send spam or unsolicited bulk messages, or conduct any real (non-simulated) phishing, social-engineering, pretexting, fraud, or other deceptive activity against any person;
  • infringe, misappropriate, or violate any patent, copyright, trademark, trade secret, or other intellectual-property or proprietary right, or unlawfully access, copy, or exfiltrate data;
  • collect, harvest, scrape, or otherwise process the personal data of third parties without a lawful basis and all required consents and notices;
  • circumvent, disable, or attempt to defeat any rate limit, quota, usage cap, authentication, authorization, or other access or security control of the Service or of any system you test;
  • resell, sublicense, rent, lease, time-share, or otherwise provide scan, monitoring, or other Service capacity to any third party, or use the Service to operate a competing service or to build a competing product;
  • probe, scan, attack, reverse-engineer, or test the security of Resolute Security's own infrastructure, networks, or systems, except through the responsible-disclosure channel described in Section 7;
  • impersonate any person or entity, or misrepresent your identity, affiliation, or authorization; or
  • violate any applicable law, regulation, sanctions or export-control requirement, or third-party agreement, or to encourage or enable anyone else to do any of the above.

4. Phishing-simulation and training features

The Service includes phishing-simulation and security-awareness training features. These features may be used only to test personnel of your own organization whom you are authorized to test, for legitimate, internal security-awareness and training purposes. You are responsible for confirming that your use of these features complies with all applicable employment, privacy, electronic-monitoring, and consumer-protection laws and with your own internal policies.

  • You must not use the phishing-simulation features to deceive, defraud, harass, harm, or test any real third party, member of the public, customer, vendor, or anyone outside your authorized internal audience.
  • You must not use simulated messages to capture real credentials, payment details, or other sensitive data for any purpose other than the intended training and reporting, or to gain unauthorized access to any account or system.
  • Simulation content must be used solely for training and must not be repurposed to conduct an actual phishing or fraud campaign.

5. Fair use, automation, and rate limits

The Service is a shared, multi-tenant platform. Your use must be reasonable and must not degrade the Service or the experience of other customers. Automated and API-based use must stay within the limits, quotas, and throttles documented for your plan or in our API documentation, and must honor any rate-limiting responses, retry, and backoff signals the Service returns.

  • Do not attempt to exceed, evade, or work around your plan's limits, including by using multiple accounts, credentials, or IP addresses to obtain capacity beyond what your plan provides.
  • Schedule recurring or bulk scans responsibly so they do not place an unreasonable load on the Service or on the systems you are authorized to test.
  • We may apply technical limits to protect the Service and may treat attempts to circumvent them as a violation of this AUP.

6. Enforcement

We may, but are not obligated to, investigate any suspected violation of this AUP. To protect the Service, our customers, and third parties, and with or without prior notice where we deem it necessary, we may:

  • throttle, suspend, restrict, or terminate your access to all or part of the Service;
  • remove, disable, or quarantine content, scans, targets, or configurations associated with the suspected violation;
  • require you to provide proof of authorization for any target before restoring access; and
  • report suspected illegal activity to law enforcement or other appropriate authorities and cooperate with their investigations.

We will use reasonable efforts to give notice where practical, but we may act immediately and without notice when we believe doing so is necessary to prevent harm, stop ongoing abuse, protect the Service or third parties, or comply with law. Our exercise — or non-exercise — of these rights does not waive any other right or remedy available to us, and does not limit your responsibility for your use of the Service.

7. Reporting abuse or vulnerabilities

If you become aware of any violation of this AUP, abuse of the Service, or a suspected security vulnerability in the Service or our infrastructure, please report it to security@resolute-security.com. Please do not exploit, expand, or publicly disclose a suspected vulnerability before giving us a reasonable opportunity to investigate and remediate it. Good-faith security testing of Resolute Security's own systems is welcome only through this channel.

8. Changes to this policy

We may update this AUP from time to time. When we do, we will post the revised version here and update the effective date above. Material changes will be announced by email where we have one on file. Your continued use of the Service after a change takes effect constitutes acceptance of the updated AUP. If you do not agree to the changes, you must stop using the Service.