
Acceptable Use Policy

Last updated: February 16, 2026 · Version: 1.0

1. Introduction and Scope

This Acceptable Use Policy ("Policy" or "AUP") defines the rules and guidelines for the use of the HAS — HackerSec Advanced Security platform ("Platform") and all services offered by HackerSec Inovação em Cibersegurança Ltda. ("HackerSec").

This Policy supplements and is an integral part of the Terms of Service and the Privacy Policy. In the event of a conflict between this Policy and the Terms of Service, the Terms of Service shall prevail.

By accessing or using the Platform, you agree to comply with this Policy in its entirety. Violation of this Policy may result in the suspension or termination of your account, as detailed in Section 10.

This Policy applies to all Platform users, including, but not limited to: Clients (companies and individuals that contract services), Pentesters (professionals who perform security tests), and any other authorized users.

2. Authorized Use

The Platform must be used exclusively for the following legitimate purposes:

  • Clients:
    • Request, track, and manage security tests (pentests) on their own digital assets or assets for which they have legitimate and documented authorization
    • View vulnerability reports, track remediation, and request retests
    • Manage account information, payments, and subscriptions
    • Communicate with the HackerSec team about ongoing tests
  • Pentesters:
    • Perform security tests exclusively within the authorized scope defined for each test
    • Report vulnerabilities found accurately and responsibly
    • Document technical evidence necessary for reports
    • Communicate with Clients and HackerSec team about assigned tests

3. Security Testing Scope

Security tests conducted through the Platform must strictly observe the following rules:

3.1. Authorization

  • Tests may only be performed on digital assets for which the Client has legitimate and verifiable authorization
  • The Client is fully responsible for ensuring they have valid authorization to request security tests on the designated assets
  • HackerSec may, at its sole discretion, request supporting documentation of authorization before initiating any test

3.2. Scope Boundaries

  • Pentesters must operate exclusively within the scope defined for each test on the Platform
  • Any activity outside the authorized scope is strictly prohibited
  • If a Pentester identifies potential vulnerabilities outside the scope, they must report them to HackerSec without exploiting them

3.3. Responsible Conduct

  • Tests must be conducted professionally, minimizing impact on the Client's systems and service availability
  • Denial of service attacks (DoS/DDoS) are prohibited unless expressly authorized in writing within the test scope
  • Exfiltration of real data (personal data, trade secrets, confidential information) is prohibited. Pentesters must demonstrate the vulnerability without extracting unnecessary sensitive data
  • Social engineering against employees or third parties is prohibited unless expressly included in the test scope

4. Prohibited Conduct

The following behaviors are strictly prohibited when using the Platform and HackerSec's services:

4.1. Illegal Activities

  • Use the Platform for any illegal or unauthorized purpose
  • Perform security tests on assets without legitimate authorization from the owner
  • Use information obtained during tests for criminal activities, extortion, blackmail, or any malicious purpose
  • Violate privacy, data protection, or any other applicable laws

4.2. Platform Abuse

  • Attempt to access other Platform users' accounts, data, or systems without authorization
  • Reverse engineer, decompile, or disassemble any part of the Platform
  • Use bots, scrapers, or automated tools to access the Platform in an unauthorized manner
  • Intentionally overload the Platform's infrastructure
  • Circumvent or attempt to circumvent the Platform's security, authentication, or authorization controls
  • Share, resell, or sublicense access to the Platform

4.3. Unethical Conduct

  • Fabricate, falsify, or exaggerate vulnerabilities in reports
  • Submit reports that are plagiarized, automatically generated without verification, or deliberately misleading
  • Publicly disclose vulnerabilities found or disclose them to third parties without express written authorization from the Client and HackerSec
  • Withhold information about critical vulnerabilities for personal advantage
  • Harass, threaten, or intimidate other Platform users

4.4. Confidentiality Violations

  • Disclose confidential information of Clients, tests, vulnerabilities, or HackerSec
  • Use confidential information for purposes unrelated to the provision of contracted services
  • Share test credentials, access, or tokens with unauthorized persons
  • Store Client confidential data on unauthorized personal devices or services

5. User Content

By submitting content to the Platform (including reports, scope descriptions, comments, communications, and documentation), you warrant that:

  • You have the necessary rights to share such content
  • The content is accurate, truthful, and not deliberately misleading
  • The content does not infringe on the intellectual property rights of third parties
  • The content does not contain malware, malicious code, or any harmful material directed at the Platform or its users
  • The content is not defamatory, obscene, discriminatory, or offensive

HackerSec reserves the right to remove any content that violates this Policy, without prior notice and at its sole discretion.

6. Account Security

You are responsible for the security of your Platform account and must:

  • Use a strong, unique password not shared with other services
  • Not share your access credentials with third parties
  • Notify HackerSec immediately in case of suspected unauthorized access or credential compromise
  • Keep your contact information up to date
  • Log out when accessing the Platform on shared devices

You are responsible for all activities conducted through your account, regardless of whether they were authorized by you. HackerSec is not liable for losses or damages arising from unauthorized use of your account when such use results from negligence in protecting your credentials.

7. Client Obligations

When requesting security testing services, the Client agrees to:

  • Legitimate authorization: ensure they have legitimate authorization to request tests on the designated assets, being fully responsible for any consequences arising from tests performed without adequate authorization
  • Accurate information: provide complete and accurate scope information, including URLs, IP ranges, test environments, and any applicable restrictions
  • Change notification: immediately inform HackerSec of any changes in scope, asset ownership, or authorization during the test term
  • Test environment: whenever possible, provide segregated test environments to minimize production risks
  • Backups: maintain up-to-date backups of systems submitted for testing
  • Cooperation: reasonably cooperate with HackerSec and Pentesters during test execution, providing necessary access and information
  • Vulnerability treatment: analyze and address reported vulnerabilities within reasonable timeframes, prioritizing those classified as high severity or critical

8. Legal Compliance

All Platform users must comply with all applicable laws and regulations, including, but not limited to:

  • Cybercrime and unauthorized access laws (Brazilian Law No. 12,737/2012; Law No. 14,155/2021; Computer Fraud and Abuse Act — CFAA; Computer Misuse Act, and other applicable legislation)
  • Data protection and privacy laws (LGPD, GDPR, CCPA/CPRA, and others)
  • Export regulations and technology controls
  • Intellectual property and trade secret laws
  • Applicable sector-specific regulations (financial, healthcare, telecommunications, government)

HackerSec is not responsible for legal violations committed by Platform users. Use of the Platform does not constitute legal authorization to carry out any activity that violates applicable law.

9. Monitoring and Enforcement

HackerSec reserves the right to:

  • Monitor Platform usage to ensure compliance with this Policy and the Terms of Service
  • Investigate suspicious activities or violation reports
  • Record access and activity logs for security and audit purposes
  • Temporarily suspend access during investigations of potential violations
  • Cooperate with competent authorities when required by law or court order

Monitoring will be conducted proportionally and in compliance with applicable data protection legislation, as described in our Privacy Policy.

10. Consequences of Violation

Violation of this Policy may result, at HackerSec's sole discretion, in one or more of the following measures, proportional to the severity of the violation:

  • Warning: formal notification about the violation and request for immediate compliance
  • Temporary suspension: suspension of Platform access for a determined period, with possibility of reactivation after review
  • Account termination: definitive termination of the account and all associated services, without entitlement to refund of amounts already used
  • Liability: pursuit of compensation for damages caused, including material and moral damages
  • Authority notification: notification to competent authorities when the violation constitutes a criminal or administrative offense

HackerSec will make reasonable efforts to notify the user before taking restrictive measures, except when the severity of the situation requires immediate action to protect the Platform, other users, or third parties.

The application of any measure provided in this Section does not exclude the user's liability for damages caused to HackerSec, other users, or third parties.

11. Reporting

If you become aware of any violation of this Policy, we encourage you to report it immediately to HackerSec through the following channels:

  • Email: [email protected]
  • Platform: through the support system

All reports will be treated confidentially. HackerSec will not retaliate against users who report violations in good faith.

12. Changes to This Policy

HackerSec may update this Acceptable Use Policy periodically. Material changes will be communicated by email or notification on the Platform. Continued use of the Platform after the publication of changes constitutes your acceptance of the updated Policy.

13. Contact

For questions related to this Acceptable Use Policy, please contact us:

HackerSec Inovação em Cibersegurança Ltda.

Email: [email protected]

Website: hackersec.com/contato

Address: Avenida Ipanema, 165, Alphaville, Barueri, SP, 06472-002, Brazil

© 2026 HackerSec Inovação em Cibersegurança Ltda.
