Acceptable Use Policy

You may use HAIEC to:

• Assess your own organization's compliance posture against supported frameworks
• Scan repositories you own or have authorized access to for security vulnerabilities
• Generate compliance reports and evidence packages for your organization
• Use the GitHub App on repositories where you have installation permissions
• Access the API within documented rate limits using valid API keys
• Integrate HAIEC into your CI/CD pipelines for automated compliance checks
• Download and use compliance templates for your organization

You may not use HAIEC to:

• Scan unauthorized repositories: Do not scan repositories you do not own or have explicit authorization to scan.
• Misrepresent compliance status: Do not use HAIEC reports or artifacts to claim certifications (e.g., “SOC 2 certified”) that you have not obtained through a qualified auditor. HAIEC provides readiness assessments, not certifications.
• Circumvent security controls: Do not attempt to bypass authentication, rate limiting, tenant isolation, or other security measures.
• Abuse rate limits: Do not use automated tools to exceed documented API rate limits or generate excessive traffic.
• Reverse engineer: Do not reverse engineer, decompile, or attempt to extract the source code of HAIEC's proprietary engines.
• Resell or redistribute: Do not resell, sublicense, or redistribute HAIEC services or outputs without written authorization.
• Upload malicious content: Do not upload malware, exploit code, or content designed to compromise the platform or other users.
• Impersonate others: Do not create accounts impersonating other individuals or organizations.
• Violate laws: Do not use HAIEC in any manner that violates applicable local, state, national, or international law.
• Interfere with service: Do not take any action that imposes an unreasonable load on our infrastructure or interferes with other users' access.

• Respect documented rate limits (100 requests per 15 minutes for API endpoints)
• Use API keys only for their intended purpose
• Do not share API keys or embed them in client-side code
• Implement proper error handling and retry logic with exponential backoff
• Include a descriptive User-Agent header in API requests

Violations of this AUP may result in:

• Warning: For first-time or minor violations, we will notify you and request corrective action.
• Temporary suspension: For repeated or serious violations, we may temporarily suspend your access.
• Account termination: For severe or willful violations, we may permanently terminate your account.
• Legal action: For violations that cause harm to HAIEC or third parties, we reserve the right to pursue legal remedies.

We will make reasonable efforts to contact you before taking enforcement action, except where immediate action is necessary to protect the platform or other users.