Acceptable Use Policy

1. Introduction

This Acceptable Use Policy (“Policy”) governs your use of RiskForce LLC's (“RiskForce”) cybersecurity and risk management services, applications, and platforms (collectively, the “Services”). This Policy applies to all users of the Services, including customers, authorized users, administrators, and any person or entity that accesses or uses the Services.

By accessing or using the Services, you agree to comply with this Policy. RiskForce reserves the right to modify this Policy at any time by posting an updated version on our website.

RiskForce may enter into separate written agreements (such as Enterprise Agreements, Master Service Agreements, or Government Contracts) with businesses, organizations, or government entities. In the event of any conflict between this Policy and a custom agreement, the custom agreement will prevail to the extent of the conflict.

2. Purpose

The purpose of this Policy is to:

• Protect the security, integrity, and availability of the Services
• Protect the privacy and data of all Users
• Ensure compliance with applicable laws and regulations
• Establish clear guidelines for acceptable and unacceptable use
• Maintain a secure environment for risk management activities

3. Acceptable Use

You may use the Services only for lawful purposes and in accordance with this Policy. You agree to use the Services in a manner that:

• Adheres to all applicable local, state, national, and international laws and regulations
• Supports genuine risk management, compliance, and cybersecurity objectives
• Ensures the accuracy and reliability of data entered into the Services
• Does not unreasonably burden system resources and follows any published guidelines for API usage or data processing limits

4. Prohibited Use

You may not use the Services in any manner that could damage, disable, overburden, or impair the Services or interfere with any other party's use. The following activities are expressly prohibited:

4.1 Illegal Activities

• Using the Services to commit or facilitate any criminal offense
• Accessing, storing, or transmitting information in violation of data protection or privacy laws
• Using the Services for money laundering, terrorist financing, or other financial crimes

4.2 Security Violations

• Attempting to gain unauthorized access to the Services or related systems or networks
• Circumventing or testing the vulnerability of security measures
• Introducing malicious code, including viruses, worms, Trojan horses, ransomware, spyware, or other harmful components
• Conducting denial of service attacks or other disruptive activities

4.3 Malicious Submissions

• Submitting code samples or technical solutions that contain malicious code, backdoors, or deliberately introduced vulnerabilities
• Recommending techniques that are unethical, illegal, or violate standard security practices
• Falsely presenting harmful code or techniques as legitimate security mitigations

4.4 Misuse of Data

• Uploading or sharing content that infringes upon intellectual property rights
• Uploading content that is harassing, threatening, defamatory, fraudulent, or discriminatory
• Using the Services to stalk, harass, or harm another individual
• Misrepresenting your identity or affiliation

4.5 System Interference

• Interfering with or disrupting the integrity or performance of the Services
• Sending automated queries or excessive requests that may burden our infrastructure
• Using any robot, spider, or other automated system to access the Services without permission

4.6 Violations of Confidentiality

• Sharing access credentials with unauthorized users
• Extracting data from the Services for unauthorized purposes
• Disclosing confidential information obtained through the Services

5. Industry-Specific Restrictions

Given that our Services may be used in regulated industries, the following additional restrictions apply:

• Healthcare: Protected Health Information (PHI) must be handled in accordance with HIPAA regulations.
• Financial Services: Cardholder data must be handled in accordance with PCI DSS requirements.
• Critical Infrastructure: Information about critical infrastructure vulnerabilities must be appropriately restricted.
• Government Data: Classified information must not be uploaded unless the Services have been specifically authorized for such use. Government data must be managed in accordance with relevant compliance frameworks (e.g., FedRAMP).

6. User Content and Public Submissions

You are solely responsible for all content that you upload, post, or otherwise make available via the Services. You must have all necessary rights to submit content and must appropriately label and classify it according to its sensitivity level.

Content submitted to public or community areas may be visible to other users. Do not submit confidential, sensitive, or private information to public areas. RiskForce reserves the right to remove any public submission that violates this Policy.

Users and organizations must have qualified cybersecurity professionals review any code, scripts, technical solutions, or security mitigations before implementation. Implementation of any submitted content is done at your own risk. RiskForce is not responsible for damages resulting from the implementation of user-submitted or community-generated content.

7. Security Requirements

• You must maintain the confidentiality of all access credentials
• You must use strong, unique passwords that are regularly updated
• You must implement multi-factor authentication when available
• You must promptly notify RiskForce of any unauthorized access or security breach
• Devices used to access the Services should be protected by current antivirus and security software with up-to-date patches

8. Reporting Violations

If you become aware of any violation of this Policy, you must promptly report it to RiskForce by contacting contact@riskforce-llc.com. Please provide as much detail as possible to assist in our investigation.

9. Enforcement

RiskForce reserves the right to monitor use of the Services to ensure compliance with this Policy. We may investigate suspected violations and cooperate with law enforcement investigations.

Consequences of breach may include: formal warnings, content removal, temporary suspension, restricted access, permanent account termination (including paid subscriptions without refund), prohibition from future use, reporting to authorities, and legal action including seeking damages and recovery of legal costs.

RiskForce may implement any of these consequences immediately and without prior notice. If you believe a consequence has been applied in error, you may appeal by contacting contact@riskforce-llc.com with detailed information supporting your appeal.

10. Contact

If you have questions about this Policy or to report violations, please contact contact@riskforce-llc.com.