Acceptable Use Policy

Last updated: June 13, 2026

This Acceptable Use Policy (“AUP”) governs all access to and use of the TLINK PRO platform, including its web interface, APIs, scanning infrastructure, threat intelligence feeds, and any associated services (collectively, the “Service”) provided by Admiresty (“we”, “us”, or “our”). By accessing or using the Service you agree to be bound by this AUP in addition to our Terms of Service and Privacy Policy.

TLINK PRO is a professional-grade attack-surface monitoring platform. Its scanning infrastructure actively probes internet-facing assets, collects threat intelligence signals, and surfaces security findings. Because of the inherently active nature of this infrastructure, responsible and authorized use is not optional — it is a strict condition of access.

1. Purpose of This Policy

The purpose of this AUP is to:

  • Define the boundaries of authorized use of the TLINK PRO platform and its underlying scanning infrastructure.
  • Protect third parties from unauthorized scanning, probing, or reconnaissance conducted through our systems.
  • Preserve the integrity, availability, and reputation of the TLINK PRO service for all customers.
  • Ensure compliance with applicable laws, regulations, and industry standards.
  • Establish clear consequences for misuse so that all users understand the risks of policy violations.

This policy applies to all users of the Service, including individual subscribers, teams, enterprise customers, and Managed Security Service Providers (“MSSPs”) operating under an MSSP agreement with Admiresty. It also applies to any third parties who access the Service on behalf of a registered account holder.

2. Permitted Uses

You may use the Service only for lawful purposes consistent with this AUP. The following uses are expressly permitted:

2.1 Monitoring Assets You Own or Control

You may use the Service to monitor domains, IP addresses, certificates, subdomains, cloud resources, and other internet-facing assets that you own outright or that are otherwise under your direct operational control. “Own or control” means that you are the registrant of record, the allocated or assigned holder of the IP space, or the authorized administrator of the hosting environment — as verified by public WHOIS, ARIN/RIPE/APNIC records, or equivalent registries.

For the avoidance of doubt, being an employee or contractor of an organization that owns assets does not, by itself, constitute authorization to add those assets to TLINK PRO. You must have explicit authorization from the asset owner, preferably documented in writing, before adding assets to the platform for monitoring.

2.2 Monitoring Assets with Explicit Written Authorization

You may monitor assets owned by a third party if and only if you have obtained explicit written authorization from that third party prior to adding those assets to the platform. Acceptable forms of written authorization include:

  • A signed scope-of-work or statement-of-work specifying the domains and IP ranges to be monitored.
  • A formal security assessment agreement or penetration testing authorization letter.
  • A vendor or managed service agreement that expressly covers continuous monitoring of the third party's infrastructure.
  • An email or written directive from the asset owner's CISO, CTO, or equivalent authority explicitly authorizing monitoring on their behalf.

You must retain copies of all such authorizations and make them available to Admiresty upon request. Admiresty reserves the right to request proof of authorization at any time and to suspend monitoring of specific assets pending verification.

2.3 Programmatic API Access

You may use API keys issued to your account to programmatically access your own account data, trigger scans of assets already authorized in your account, retrieve alerts and findings, configure monitoring rules, and integrate TLINK PRO data into your own internal security tooling and dashboards. API usage must remain within the rate limits specified in your subscription plan and in the API documentation. Automated access is permitted for legitimate integration and automation purposes but must not be used to circumvent platform limitations or extract data at volumes inconsistent with normal subscription use.

2.4 MSSP Use for Client Infrastructure

Registered MSSP partners operating under a current MSSP agreement with Admiresty may use the Service to monitor client infrastructure on behalf of those clients, subject to the following conditions:

  • Each client whose infrastructure is monitored must have provided documented written authorization to the MSSP prior to the commencement of monitoring. This authorization must clearly specify the scope of assets to be monitored.
  • The MSSP must maintain a current register of client authorizations and must be able to produce these upon request by Admiresty.
  • Client authorizations must be renewed whenever the scope of monitored assets changes materially.
  • MSSPs are responsible for ensuring that their use of the platform on behalf of clients complies with this AUP in its entirety. Violations committed by MSSP operators are attributed to the MSSP account holder.
  • Sub-licensing, white-labeling, or reselling access to the TLINK PRO platform beyond what is expressly permitted under the MSSP agreement is prohibited.

2.5 Security Research and Internal Assessments

You may use the Service to conduct internal security assessments of your own organization's infrastructure, identify exposures and misconfigurations in systems you own or control, and generate reports for internal security programs. You may also use threat intelligence data surfaced by the platform to inform your own defensive security posture, including patching priorities, network hardening decisions, and incident response investigations.

3. Prohibited Uses

The following uses are strictly prohibited. This list is illustrative, not exhaustive. Admiresty reserves the right to determine, in its sole discretion, whether any use not listed here violates the spirit of this AUP.

3.1 Unauthorized Scanning and Reconnaissance

You may not use the Service to scan, probe, fingerprint, enumerate, or monitor domains, IP addresses, subdomains, mail servers, certificates, or any other internet-facing infrastructure that you do not own or have explicit written authorization to monitor. This prohibition applies regardless of whether the target assets are publicly accessible. The fact that an asset is reachable on the public internet does not constitute authorization to actively probe or monitor it using the TLINK PRO scanning infrastructure.

Specific examples of prohibited unauthorized scanning include but are not limited to:

  • Adding a competitor's domains or IP ranges to your monitored assets without authorization.
  • Monitoring the infrastructure of a former employer, partner, or client after your engagement or employment has ended and any authorization has lapsed.
  • Using the platform to map the attack surface of a target organization in preparation for an offensive operation.
  • Scanning IP ranges or domains belonging to government agencies, critical infrastructure operators, financial institutions, or any other entity without authorization.
  • Attempting to discover and enumerate assets belonging to third parties by using the platform's discovery features against unauthorized seed domains.

3.2 Unauthorized Penetration Testing or Offensive Security Operations

You may not use TLINK PRO or its scanning infrastructure as a component of, or in support of, unauthorized penetration testing, red teaming, offensive security research, or any other active exploitation activity directed at systems you do not own or have authorization to attack. Specifically:

  • You may not use the platform to conduct reconnaissance that feeds directly into unauthorized attack operations.
  • You may not use exposure data, open port information, certificate details, or vulnerability findings surfaced by the platform to plan or execute attacks against third-party systems.
  • You may not use the platform to identify, verify, or validate vulnerabilities in systems you are not authorized to test, even if your intent is to report those vulnerabilities.
  • You may not combine TLINK PRO data with other offensive tooling to build an attack pipeline targeting unauthorized systems.

3.3 API Abuse and Rate Limit Circumvention

You may not attempt to circumvent, disable, or work around the rate limits, request quotas, or throttling mechanisms applied to the API or any other part of the platform. Prohibited behaviors include:

  • Rotating API keys, accounts, or IP addresses to exceed rate limits that would otherwise apply to a single account.
  • Using multiple accounts, whether your own or others', to aggregate access beyond what a single subscription plan permits.
  • Sending automated requests at volumes that degrade platform performance for other users or that are disproportionate to legitimate business needs.
  • Exploiting bugs or unintended API behaviors to bypass subscription-tier restrictions.
  • Reverse engineering the platform's internal rate-limiting logic to identify and exploit gaps.

3.4 Facilitating Attacks and Misuse of Threat Intelligence

Threat intelligence data, exposure findings, vulnerability alerts, and other security information provided by the Service is intended solely for defensive security purposes. You may not:

  • Use threat intelligence data surfaced by the platform to plan, prepare, or execute offensive operations against any organization.
  • Share or sell platform-generated intelligence to third parties for use in offensive operations.
  • Use the platform to track or target individuals, organizations, or infrastructure in furtherance of harassment, stalking, or intimidation.
  • Use findings from the platform as evidence to extort, blackmail, or coerce any person or organization.
  • Use the platform to support, enable, or assist state-sponsored attacks, terrorism, organized crime, or any other criminal enterprise.

3.5 Credential Sharing and Account Security

Each account and its associated credentials are for the sole use of the registered account holder and, where applicable, the members explicitly invited to that account. You may not:

  • Share your login credentials, session tokens, or API keys with individuals who are not authorized members of your account.
  • Allow a single set of credentials to be used concurrently by multiple individuals who have not been granted individual seats.
  • Transfer account access to a third party without Admiresty's prior written consent.
  • Use another user's credentials to access the platform, even with that user's permission, if doing so circumvents seat-based licensing.
  • Create shared or pooled credentials intended for use by multiple individuals across an organization as a means of avoiding per-seat fees.

3.6 Unauthorized Resale of Platform Access

You may not resell, sublicense, white-label, or otherwise provide third parties with access to the TLINK PRO platform or its capabilities unless you have entered into a formal MSSP agreement with Admiresty that expressly permits such use. This prohibition applies to:

  • Offering TLINK PRO as a component of a managed security service without an MSSP agreement in place.
  • Providing third-party clients with direct or indirect access to the platform dashboard, API, or data streams without authorization.
  • Bundling TLINK PRO access into a product or service offering sold to third parties without Admiresty's knowledge and written consent.
  • Charging third parties for access to TLINK PRO-generated reports, alerts, or data exports that are re-branded or otherwise presented as the reseller's own product.

3.7 Malicious Content and Code Injection

You may not upload, transmit, introduce, or attempt to introduce any malicious content, code, or data into the platform or its infrastructure. This includes:

  • Uploading malware, ransomware, spyware, trojans, worms, or any other malicious software to the platform.
  • Attempting SQL injection, cross-site scripting (XSS), server-side template injection, or any other injection attack against the platform's web interface or API endpoints.
  • Submitting crafted input designed to exploit vulnerabilities in the platform's parsing, processing, or storage logic.
  • Attempting to execute arbitrary code on platform infrastructure through any means, including file uploads, API parameters, webhook payloads, or integration endpoints.
  • Introducing data designed to corrupt, overwrite, or interfere with the platform's databases, scanning queues, or alerting systems.

3.8 Unauthorized Data Scraping and Bulk Export

You may not use automated scripts, bots, crawlers, or other automated means to scrape or bulk-export data from the platform beyond what is provided through the official API and within the limits of your subscription plan. Prohibited behaviors include:

  • Using headless browsers or web scraping libraries to extract data from the platform dashboard at scale.
  • Systematically downloading all findings, alerts, reports, or other data in a manner designed to replicate or archive the platform's data for use outside the Service.
  • Using the API to export data volumes that are inconsistent with your subscription tier or that appear designed to enable mass redistribution of platform data.
  • Automating the extraction of threat intelligence data for the purpose of building a competing product or service.

3.9 Unauthorized Access to Other Users' Data

You may not attempt to access, view, modify, or interfere with the accounts, data, assets, findings, or configurations of any other TLINK PRO user or organization. This includes:

  • Exploiting API vulnerabilities or misconfigured authorization checks to access other tenants' data.
  • Attempting to enumerate or infer information about other users' accounts, monitored assets, or findings through timing attacks, error messages, or other side-channel methods.
  • Using social engineering to obtain access to another user's account or to convince Admiresty support staff to grant unauthorized access.
  • Attempting to escalate privileges within the platform to gain access to administrative functions or other users' data.

If you discover a vulnerability in the platform that could enable unauthorized access to other users' data, you must report it to security@admiresty.co immediately and must not exploit it, disclose it publicly, or share it with any third party prior to remediation.

3.10 Violations of Applicable Law or Regulation

You may not use the Service in any manner that violates applicable local, state, national, or international law or regulation, including but not limited to:

  • The Computer Fraud and Abuse Act (CFAA) or equivalent computer crime statutes in your jurisdiction.
  • The EU Network and Information Security (NIS2) Directive and its national implementations.
  • Export control laws, including U.S. Export Administration Regulations (EAR) and Office of Foreign Assets Control (OFAC) sanctions regulations.
  • Data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and their equivalents.
  • Laws prohibiting unauthorized interception of electronic communications.
  • Laws prohibiting the facilitation of criminal activity, including money laundering, fraud, or financing of terrorism.

You are solely responsible for ensuring that your use of the Service complies with all applicable laws in your jurisdiction and in the jurisdictions where your monitored assets are located.

3.11 Interference with Platform Operations

You may not take any action that interferes with the normal operation of the platform, degrades the service experience for other users, or imposes an unreasonable load on platform infrastructure. This includes:

  • Launching denial-of-service attacks against the platform or its underlying infrastructure.
  • Submitting malformed requests at scale designed to trigger errors, exhaust processing resources, or disrupt scanning queues.
  • Exploiting the platform's scanning infrastructure to indirectly attack third-party systems by configuring it to probe unauthorized targets at high frequency.
  • Interfering with the integrity of monitoring data by injecting false findings, manipulating alert thresholds, or otherwise corrupting the data pipeline.

4. Enforcement and Consequences

Admiresty takes violations of this AUP seriously. Upon becoming aware of a potential violation, we may take any or all of the following actions at our sole discretion:

  • Immediate suspension: We may suspend access to your account, specific assets, or specific features without prior notice if we determine that continued access poses an immediate risk to third parties, the platform, or Admiresty's reputation.
  • Investigation: We may investigate potential violations by reviewing account activity logs, scanning patterns, API usage, and other telemetry. You agree to cooperate with any such investigation.
  • Warning and remediation: For first-time or minor violations, we may issue a written warning and require you to take corrective action within a specified timeframe.
  • Account termination: Serious, repeated, or willful violations will result in permanent termination of your account and all associated accounts. Terminated accounts are not eligible for refunds of prepaid subscription fees.
  • Permanent ban: Individuals or organizations whose accounts are terminated for AUP violations may be permanently banned from creating new accounts on the TLINK PRO platform.
  • Legal action: We reserve the right to pursue civil or criminal legal action against users who violate this AUP, including seeking injunctive relief and damages where appropriate.
  • Law enforcement referral: We reserve the right to report illegal activity to appropriate law enforcement agencies, including providing account information, usage logs, and other relevant data as required by law or as we deem appropriate in response to illegal conduct.
  • Notification of affected parties: Where a violation has resulted in harm to identifiable third parties, we may notify those third parties or assist them in taking appropriate action.

Admiresty's failure to enforce any provision of this AUP in a particular instance does not constitute a waiver of our right to enforce that provision in the future. Enforcement decisions are made on a case-by-case basis and are not precedential.

5. Reporting Violations

If you become aware of any use of the TLINK PRO platform that you believe violates this AUP, we encourage you to report it to us. Reports can be submitted to:

abuse@admiresty.co

When submitting an abuse report, please include as much detail as possible, including the nature of the suspected violation, any evidence you have observed (such as scanning activity originating from TLINK PRO infrastructure against your systems), timestamps, IP addresses, and any other relevant information. We treat all abuse reports confidentially and will not disclose the identity of the reporter without consent except as required by law.

If you believe you have identified a security vulnerability in the TLINK PRO platform itself, please report it to security@admiresty.co rather than the abuse address, and do not disclose it publicly prior to coordinated disclosure.

6. Changes to This Policy

Admiresty may update this AUP from time to time to reflect changes in the Service, applicable law, or industry best practices. We will notify registered users of material changes via email and by posting a notice on the platform dashboard. Continued use of the Service after the effective date of any revised AUP constitutes acceptance of the updated terms.

If you disagree with a change to this AUP, your sole remedy is to stop using the Service and to terminate your subscription in accordance with the Terms of Service.

7. Contact

Questions about this Acceptable Use Policy may be directed to:

Admiresty
admiresty.co