Acceptable Use Policy

Effective Date: March 4, 2026

1. Purpose

This Acceptable Use Policy ("AUP") defines what constitutes acceptable and prohibited use of the platform, APIs, and services provided by Windsor Security LLC, an Ohio limited liability company ("Windsor Security," "we," "us," or "our") through windsorsec.com and related systems.

This policy applies to all users of our services, whether on free or paid plans. It supplements our Terms of Service, which govern your overall use of the platform. If there is a conflict between this AUP and the Terms of Service, the Terms of Service control.

We build security tools for security professionals. Most of what follows is common sense for anyone working in this field. We spell it out here so expectations are clear on both sides.

2. Permitted Uses

Our platform is designed for defensive cybersecurity operations. You are welcome to use our services for:

  • Legitimate security operations, including SOC workflows, incident response, and threat analysis
  • IOC enrichment for defensive security purposes — looking up indicators to understand threats and inform protective action
  • Threat intelligence research and reporting, including incorporating enrichment results into internal or published threat reports
  • Detection tuning and alert optimization — using our tools to reduce false positives, prioritize alerts, and improve detection coverage
  • AI security posture assessment for organizations you own or are explicitly authorized to assess
  • Integrating with your security tooling (SIEM, SOAR, ticketing systems, etc.) via our API, within your plan's rate limits
  • Authorized penetration testing and security research conducted with proper authorization from system owners

3. Prohibited Uses — General

The following activities are prohibited regardless of which services you use:

  • Any activity that violates applicable local, state, federal, or international law
  • Harassment, threats, intimidation, or abuse directed at any individual or group
  • Impersonating other users, organizations, or Windsor Security personnel
  • Submitting intentionally false, fabricated, or misleading data to the platform
  • Attempting to gain unauthorized access to other users' accounts, data, or private resources
  • Using the platform to plan, coordinate, or facilitate attacks against any system or network
  • Uploading, distributing, or referencing malware through the platform with the intent to cause harm (submitting malware indicators for analysis purposes is, of course, permitted)

4. Prohibited Uses — API

Our API is provided so you can integrate Windsor Security into your workflows. The following API-specific restrictions apply:

  • Rate limit compliance: Do not exceed the rate limits for your plan. Free plans are limited to 20 API requests per day. Professional plans are limited to 500 API requests per day. If you need higher limits, contact us.
  • Automated scraping or bulk data extraction that exceeds your plan's rate limits
  • Sharing API credentials, JWT tokens, or other authentication material with unauthorized third parties
  • Circumventing or attempting to circumvent authentication mechanisms, rate limiting, or access controls
  • Using API access to build, train, or operate a competing product or service
  • Reselling, sublicensing, or redistributing API access or enrichment data without written authorization from Windsor Security

5. Prohibited Uses — IOC Enrichment

Our IOC enrichment services exist to help defenders understand threats. The following uses are prohibited:

  • Submitting IOC queries for the purpose of identifying, locating, or targeting individuals (doxxing) or facilitating surveillance outside of lawful, authorized security operations
  • Using enrichment results to facilitate offensive cyber operations against targets you are not authorized to test
  • Submitting queries that are themselves attack payloads — for example, SQL injection strings, cross-site scripting payloads, or command injection attempts in IOC input fields
  • Deliberately misrepresenting or fabricating enrichment results in threat reports, advisories, or other publications

6. Prohibited Uses — AI Security Assessment

Our AI security assessment tools evaluate the security posture of Microsoft 365 environments and related AI services. These assessments require trust, and the following restrictions apply:

  • Running assessments against Microsoft 365 tenants that you do not own or are not explicitly authorized to assess
  • Attempting to escalate privileges or operate beyond the read-only access scope granted during the assessment
  • Using assessment findings to exploit discovered vulnerabilities or misconfigurations rather than remediating them
  • Sharing assessment results, reports, or findings with unauthorized parties — these reports contain sensitive security information about the assessed environment

7. Resource Usage

We operate shared infrastructure, and every user's experience depends on responsible resource usage:

  • Do not consume excessive computational, bandwidth, or storage resources in a way that degrades the platform for other users
  • Do not perform denial-of-service testing, load testing, stress testing, or similar activities against our infrastructure without prior written authorization
  • Do not intentionally attempt to degrade, disrupt, or interfere with service availability for other users

8. Reporting Violations

If you believe another user is violating this policy, or if you become aware of any misuse of our platform, please report it to hello@windsorsec.com. Include as much detail as you can — what you observed, when it occurred, and any relevant evidence.

We take all reports seriously and will investigate each one. We will not retaliate against users who report violations in good faith.

9. Enforcement

We enforce this policy proportionally. Our goal is to keep the platform safe and useful for everyone, not to catch people on technicalities. That said, we will act when necessary:

  • Warnings: For minor or first-time violations, we may issue a warning and ask you to correct the behavior.
  • Temporary suspension: For repeated violations or more serious issues, we may temporarily suspend your access while we investigate.
  • Account termination: For severe violations — or continued violations after warnings — we may permanently terminate your account and revoke all access.
  • Law enforcement referral: If we believe illegal activity has occurred, we may report it to the appropriate law enforcement authorities.

Enforcement decisions are made at our sole discretion. If your account is terminated for violating this AUP, you are not entitled to a refund of any fees paid.

10. Changes to This Policy

We may update this Acceptable Use Policy from time to time. When we do, we will post the revised policy on this page and update the effective date at the top. We may also notify you of material changes via email or through the platform.

Your continued use of our services after changes are posted constitutes your acceptance of the updated policy. If you disagree with any changes, you should stop using our services and contact us about closing your account.

11. Contact

If you have questions about this Acceptable Use Policy, or if you are unsure whether a particular use case is permitted, reach out before proceeding. We are happy to clarify.

hello@windsorsec.com

Windsor Security LLC
Ohio, United States