DriftAlarm

Acceptable Use Policy

Last Updated: March 2026

1. Purpose

This Acceptable Use Policy ("AUP") defines the acceptable and prohibited uses of the DriftAlarm platform.

This AUP is incorporated by reference into the Terms of Service.

Violation of this AUP may result in suspension or termination of your account.

2. Authorized Use

DriftAlarm is designed for External Attack Surface Management of YOUR assets.

You may only scan domains, IP addresses, and IP ranges that meet ONE of the following criteria:

  • You own the asset
  • You have explicit written authorization from the asset owner to perform security scanning
  • You are acting as an authorized agent (e.g., MSP, security consultant) with documented client authorization

You must maintain proof of authorization for all scanned assets and make it available to DriftAlarm upon request.

Authorization must cover the types of scanning performed by DriftAlarm, including: DNS enumeration, port scanning, web crawling, vulnerability detection, SSL/TLS testing, technology fingerprinting, and DAST analysis.

3. Prohibited Activities

You may NOT use DriftAlarm to:

  • Scan targets without proper authorization
  • Conduct denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
  • Attempt to exploit vulnerabilities discovered through the Service
  • Use the VALIDATE feature against targets you do not own or are not authorized to test
  • Resell, redistribute, or commercially repackage scan results without written permission
  • Circumvent tier limits, rate limits, or concurrency restrictions
  • Use API keys for automated mass scanning beyond your tier limits
  • Share account credentials with unauthorized parties
  • Use the Service to develop competing products
  • Interfere with or disrupt the Service or other users' access
  • Upload malicious content or attempt to compromise the platform
  • Use scan results to blackmail, extort, or coerce asset owners
  • Misrepresent your identity or authorization status

4. Rate Limits and Fair Use

Scanning is subject to the following tier-specific limits:

  • Trial: 10 Fast/wk, 5 Deep/wk, 3 Scheduled/wk, No API
  • Standard: 10 Fast/wk, 5 Deep/wk, 3 Scheduled/wk, 60 API req/min
  • Pro: 50 Fast/wk, 25 Deep/wk, 15 Scheduled/wk, 300 API req/min
  • Enterprise: Unlimited scans, 600 API req/min

System-wide maximum concurrent scans: 10.

Excessive scanning that impacts platform performance may be throttled.

Custom rule limits:

  • Trial: 5
  • Standard: 10
  • Pro: 25
  • Enterprise: Unlimited

5. Responsible Disclosure

If DriftAlarm scanning reveals vulnerabilities in systems you are authorized to scan, you are encouraged to follow responsible disclosure practices.

Do not publicly disclose vulnerability details before the asset owner has been notified and had reasonable time to remediate.

DriftAlarm is not liable for vulnerabilities discovered during authorized scans.

If you discover a vulnerability in DriftAlarm itself, please report it to support@driftalarm.com.

6. AI Analysis Guidelines

AI-generated remediation guidance, risk scoring, and reports are advisory only.

AI recommendations should be verified by qualified personnel before implementation.

AI analysis accuracy depends on the quality and completeness of scan data.

Do not rely solely on AI recommendations for critical security decisions.

7. Data Usage

You may use scan data and reports for internal security purposes.

Sharing scan results with authorized personnel within your organization is permitted.

Sharing scan results with third parties (clients, auditors, regulators) is permitted when the data pertains to assets you own or are authorized to manage.

Using scan data for competitive intelligence against the scanned organization is prohibited.

8. Enforcement

DriftAlarm reserves the right to:

  • Investigate suspected AUP violations
  • Suspend scanning for specific targets pending investigation
  • Temporarily or permanently suspend accounts for confirmed violations
  • Report illegal activities to appropriate law enforcement

For non-egregious violations: we will provide email notice and a reasonable period to cure before suspension.

For egregious violations (unauthorized scanning, attempted exploitation, DoS attacks): immediate suspension without prior notice.

Appeals may be directed to support@driftalarm.com.

9. Reporting Violations

To report a suspected AUP violation: support@driftalarm.com

To report unauthorized scanning of your assets: support@driftalarm.com

Include: description of the issue, relevant IP addresses/domains, timestamps, and any supporting evidence.

10. Related Policies

  • Terms of Service
  • Privacy Policy
  • Data Processing Agreement
