This Acceptable Use Policy ("AUP") governs your use of the Aegis Intercept platform, APIs, and all related services (collectively, the "Platform"). This AUP is incorporated by reference into the Terms of Service and is binding on all users and subscribers. Violations may result in immediate suspension or termination of your account without refund.

You may use the Platform for:

• Internal business risk assessment — evaluating geopolitical or city-level risk for your organization's operational planning, site selection, or business continuity programs.
• Travel risk management — assessing destination risk to support corporate travel safety programs, duty-of-care obligations, and traveler briefing materials, in conjunction with official government travel advisories.
• Compliance screening assistance — using Platform data as one informational input in your organization's screening and due diligence workflows, with independent verification from qualified legal counsel.
• Supply chain risk evaluation — assessing country or regional risk factors relevant to supply chain resilience, vendor concentration, and procurement decisions.
• Security awareness and briefing — using risk intelligence to prepare internal briefings for employees, executives, or board-level risk committees.
• API integration — integrating Platform data into your own internal tools and dashboards pursuant to your API license, subject to the restrictions in Section 3.

2.1 Discrimination and Individual Targeting

• Using risk scores or Platform data to discriminate against, profile, or make adverse decisions about individual persons based on their national origin, ethnicity, religion, or other protected characteristics.
• Using Platform data to surveil, track, or build dossiers on specific private individuals.
• Incorporating risk scores into automated decision-making systems that produce legal or similarly significant effects on individual people without appropriate human review and legal safeguards.

2.2 Data Resale and Redistribution

• Reselling, sublicensing, or redistributing raw Platform data, scores, or API output to any third party without express written authorization from Aegis Intercept.
• Incorporating Platform data into a competing risk intelligence product or service.
• Bulk exporting or scraping Platform data beyond the scope of your licensed API access.
• Publishing or publicly disclosing Platform data in a manner that would allow a third party to reconstruct Platform scoring methodology.

2.3 Reverse Engineering and System Integrity

• Attempting to reverse-engineer, decompile, or derive the Platform's scoring methodology, composite index formulas, or weighting models.
• Attempting to circumvent, disable, or bypass authentication controls, rate limits, MFA requirements, or any other security measure.
• Probing, scanning, or testing the Platform's infrastructure for vulnerabilities without prior written authorization.
• Injecting malicious code, conducting denial-of-service attacks, or attempting to disrupt Platform availability.

2.4 Credentials and API Keys

• Sharing your account password, session credentials, or API keys with any third party.
• Allowing unauthorized persons to access the Platform using your credentials.
• Creating fictitious or unauthorized accounts.
• Using another user's credentials to access the Platform.

2.5 Illegal and Harmful Uses

• Using the Platform in violation of any applicable local, state, national, or international law or regulation.
• Using Platform data to facilitate or plan illegal activities, including sanctions violations, export control violations, or activities that harm individuals.
• Using Platform data in connection with any application that could endanger health or safety without appropriate human oversight and professional review.

In addition to the general prohibitions above, API access is subject to the following specific rules:

• You must not automate requests in a manner designed to circumvent daily rate limits (e.g., by rotating API keys or distributing requests across multiple accounts).
• API keys must be stored securely and must not be embedded in publicly accessible client-side code, public repositories, or shared documents.
• If you suspect your API key has been compromised, you must revoke it immediately via the Platform dashboard and notify us at security@aegisintercept.com.
• API responses must not be cached and served to users as real-time data beyond reasonable application-layer caching periods (typically not exceeding 1 hour for dynamic risk data).

You are responsible for maintaining the security of your account credentials. You must:

• Use a strong, unique password for your Aegis Intercept account.
• Complete MFA enrollment and protect your authenticator device or app.
• Log out of active sessions when using shared or public devices.
• Revoke API keys that are no longer in use or that may have been exposed.
• Notify us promptly of any suspected unauthorized access to your account at security@aegisintercept.com.

We are not liable for losses or damages resulting from your failure to protect your credentials.

We reserve the right to investigate potential AUP violations and to take any of the following actions in our sole discretion:

• Issue a warning and request remediation.
• Temporarily suspend API access or account access.
• Immediately terminate the subscription without refund.
• Report violations to law enforcement or regulatory authorities where required by law.
• Pursue legal remedies for damages caused by violations.

If you become aware of any violation of this AUP, including unauthorized access, abuse of the API, or misuse of Platform data, please report it to us:

• Security issues and credential compromise: security@aegisintercept.com
• AUP violations and abuse reports: legal@aegisintercept.com

We take all reports seriously and will investigate promptly. We do not retaliate against individuals who report violations in good faith.