Anti-Abuse Policy

3.1 License Scope Stuffing

Using the Services, Content, or any Subscription to cover entities, brands, business units, geographies, monitored assets, agencies, or use cases beyond what is expressly named or quantified on the applicable Order Form or Billable Service Ticket. This includes, without limitation:

• Adding monitored entities, keywords, queries, domains, IP ranges, or assets beyond the contracted quantities
• Extending coverage to subsidiaries, affiliates, portfolio companies, joint ventures, or related entities not named on the Order Form and not qualifying as an Affiliate under MSA Section 1
• Using a single-agency, single-tenant, or single-business-unit Subscription to deliver coverage to multiple agencies, tenants, or business units
• Applying a Subscription scoped to one geography, jurisdiction, or operating unit to additional geographies, jurisdictions, or units
• Using a Subscription purchased for a defined use case (e.g., executive protection) for a different or broader use case (e.g., enterprise-wide GSOC)

3.2 Account Sharing Outside the Organization

Permitting access to the Services, Content, dashboards, alerts, exports, reports, or any DigitalStakeout-derived output by individuals or entities that are not Users under MSA Section 1. This includes, without limitation:

• Sharing User credentials, session tokens, MFA factors, or password vaults with anyone other than the assigned User
• Granting access to consultants, contractors, or third parties who have not been provisioned as Users and who are not transacting business with the Subscriber within the meaning of MSA Section 1
• Forwarding alerts, reports, dashboards, or exports to recipients outside the Subscriber’s organization, except as expressly authorized in the Order Form or Documentation
• Reassigning a User identification to a new individual in any manner inconsistent with MSA Section 4.2(c)
• Operating shared, generic, or "team" accounts in lieu of named User accounts where the Service supports per-User authentication

3.3 Bypassing Controls

Circumventing, disabling, or attempting to circumvent or disable any technical, contractual, or operational control on Our Services, including without limitation:

• Exceeding seat limits, query volumes, alert quotas, ingestion volumes, retention windows, report counts, or other usage limits stated in the Order Form, Documentation, or Service tier definition
• Defeating or evading rate limiters, throttles, IP allowlists, geofencing, MFA requirements, audit logging, or session controls
• Sharing API keys, service account credentials, or OAuth tokens with non-Users, or routing API traffic for non-Users through a Subscriber’s authorized credentials
• Operating multiple lower-tier Subscriptions across related entities or aliases for the purpose of avoiding a higher-tier Subscription, volume commitment, or feature gate
• Scraping the user interface, automating the UI, or constructing unofficial integrations specifically to defeat documented entitlements or feature gating
• Tampering with, suppressing, or falsifying logs, telemetry, or audit records that We rely on to verify compliance

3.4 Unauthorized Resale, White-Labeling, and Service-Provider Delivery

Reselling, sublicensing, redistributing, white-labeling, or otherwise making the Services, Content, or DigitalStakeout-derived outputs available to third parties as part of a commercial offering, without an executed Authorized Reseller, Premier Partner, Elite Partner, or Service Provider agreement that expressly covers the offering. This is independently prohibited by MSA Section 4.4(a) and (b) and includes, without limitation:

• Operating a managed security service, GSOC-as-a-service, threat intelligence service, executive protection service, or similar offering on top of a direct end-customer Subscription, where the Subscriber’s customers receive the benefit of the Services
• Rebranding or removing DigitalStakeout branding from any offering or any other Service or output, and presenting the result as the Subscriber’s own product
• Embedding alerts, reports, intelligence, graph data, or screenshots of the Services into deliverables sold or provided to the Subscriber’s clients, beyond the limited internal-use rights granted under the MSA
• Acting as an undisclosed intermediary, fronting a Subscription on behalf of an undisclosed end customer that has not signed the MSA
• Including Services or Content in any "service bureau or outsourcing offering" prohibited by MSA Section 4.4(b)

3.5 Unauthorized Bidding, Proposing, and Market Representation

Naming DigitalStakeout, identifying any of Our Services or products, citing Our pricing or capabilities, attaching Our materials, or otherwise representing that the proposing party is authorized to deliver DigitalStakeout-based solutions, in any of the following contexts, without an executed partner agreement covering the specific opportunity and a written deal registration approved by Us:

• RFP, RFI, RFQ, ITB, or similar solicitation responses
• Statements of work, teaming agreements, or subcontractor agreements with prime contractors
• Federal, state, local, tribal, or international government bids, including bids submitted under set-aside, schedule, or vehicle programs
• Marketing materials, capability statements, websites, or sales collateral that imply an authorized reseller, partner, OEM, or service provider relationship that does not exist
• Listings on procurement portals, vendor registration systems, or marketplace catalogs that present the proposing party as a source of supply for DigitalStakeout Services

A direct end-customer Subscription does not, by itself, confer any right to bid, propose, or market DigitalStakeout Services to third parties. Authorization to do so is governed exclusively by the DigitalStakeout Partner Program.

3.6 Affiliate and Related-Entity Piggybacking

Extending the benefit of a Subscription to entities that are not the Subscriber and do not qualify as Affiliates under the MSA Section 1 definition (more than 50% common ownership or control). This includes, without limitation:

• Sister companies, portfolio companies, and partner organizations under common minority ownership
• Newly acquired or divested entities, beyond the transition period (if any) expressly stated in the Order Form
• Joint ventures, consortia, and special-purpose vehicles in which the Subscriber participates
• Government agencies, departments, or component organizations that share infrastructure with the Subscriber but are separately constituted

3.7 Output Redistribution

Republishing, reselling, syndicating, or otherwise redistributing alerts, intelligence reports, feeds, or any other DigitalStakeout-derived output, beyond the rights expressly granted in the Order Form and Documentation. This includes, without limitation:

• Posting Content or output to public channels, mailing lists, or threat intelligence sharing communities outside the Subscriber’s organization
• Including Content or output in client-facing newsletters, briefings, or publications without an Order Form line item authorizing external distribution
• Providing Content or output to a third party as part of a paid engagement (see also Section 3.4)
• Training, fine-tuning, or seeding any model, dataset, or product with bulk-exported Content (see also Section 3.11)

3.8 Identity Misuse on Free Trials, Free Services, and Beta

Using free trials, Free Services, or Beta Services in a manner inconsistent with their stated purpose, or to evade the terms applicable to paid use. This includes, without limitation:

• Registering successive trials under different corporate identities, email domains, or aliases to extend free access
• Using Free Services or Beta Services for production workloads, client deliverables, or commercial offerings
• Accessing free or trial Services for benchmarking, competitive analysis, market research, journalism, or academic study, contrary to the access restrictions stated in the MSA preamble and MSA Section 4.4(m)
• Staging production data, configurations, or integrations on free or trial Services in lieu of executing a paid Order Form

3.9 Procurement Misrepresentation

Providing inaccurate, incomplete, or misleading information at the point of purchase, renewal, or scope expansion in order to qualify for pricing, tiering, or terms that the Subscriber would not otherwise be entitled to. This includes, without limitation:

• Misstating organization size, employee count, agency count, monitored entity count, or revenue
• Mischaracterizing the intended use case, end users, or end customers of the Subscription
• Purchasing commercial pricing for a federal end use without acknowledging the FAR 12.211 / 12.212 and DFAR provisions in MSA Section 7.4
• Purchasing single-tenant pricing for a multi-tenant deployment, or single-agency pricing for a multi-agency deployment

3.10 Prohibited Use Disguised as Authorized Use

Using the Services for purposes that are independently prohibited by the MSA, while presenting the activity internally or externally as ordinary authorized use. This includes, without limitation:

• Conducting criminal profiling, targeting, tracking, pattern-of-life development, or dossier surveillance on individuals, groups, locations, or events, contrary to MSA Section 4.4(i)
• Accessing the Services as a competitor, researcher, market analyst, journalist, or academic, contrary to the MSA preamble
• Using the Services for benchmarking, competitive analysis, or to build a competing product, contrary to the MSA preamble and Section 4.4(m)
• Using the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or material in violation of third-party privacy rights

3.11 Data Exfiltration for Derivative Products

Using the Services or Content as a source for building, training, seeding, or enriching any product, dataset, model, taxonomy, or platform that is offered, distributed, or used outside the Subscriber's permitted internal use. This includes, without limitation:

• Bulk-exporting Content, entity registries, threat actor data, taxonomy, graph schema, or correlation rules for use beyond the Subscription’s authorized scope
• Training or fine-tuning machine learning models on Content or Service outputs
• Seeding a competing or adjacent vendor’s platform with DigitalStakeout-derived data

This Section is independent of, and reinforces, the prohibitions in MSA Sections 4.4(a), (b), (j), (k), and (m).

3.12 Sanctions, Export, and Denied-Party Violations

Provisioning Users, granting access, or directing Service activity in any manner inconsistent with MSA Section 14.1 (Export Compliance) or with applicable U.S. or other sanctions, export control, or denied-party laws. This includes, without limitation, granting access to Users in U.S.-embargoed jurisdictions or to parties named on any U.S. government denied-party list.

3.13 Audit Obstruction and False Attestation

Refusing to cooperate in good faith with usage verification, scope verification, or compliance review reasonably requested by Us; providing false or misleading attestations, declarations, or certifications; or tampering with, suppressing, deleting, or falsifying records that We rely on to verify compliance with the MSA, an Order Form, a Billable Service Ticket, or this Policy.