Acceptable Use Policy

Permitted uses

InfoBreach is built for legitimate security, fraud-prevention, and identity-verification work. Examples of permitted use:

• Monitoring your own organisation's domain for credential exposure.
• Verifying whether a customer's account has been involved in a breach as part of a fraud workflow.
• Security research, journalism, and incident response with appropriate authorisation.
• Building anti-fraud, anti-takeover, and identity-verification features into your own products.

Prohibited uses

You may not use the service for, or in connection with:

• Stalking, harassment, intimidation, or threats against any person.
• Doxxing. Publishing or threatening to publish a private individual's personal information.
• Unauthorised access (computer misuse): using credentials surfaced by the service to log into anyone's account without explicit authorisation.
• Credential stuffing or brute-force attempts against third-party services.
• Identity theft or financial fraud.
• Domestic abuse, intimate-partner surveillance, or any form of intimate-partner monitoring.
• Discrimination on the basis of any protected characteristic.
• Any activity that violates applicable law.
• Reselling or redistributing breach data or search output as a standalone product.

Enforcement

We monitor for prohibited activity. Violations result in immediate account termination without refund, forfeiture of paid time, and where appropriate, referral to law enforcement with a copy of your activity log. We do not negotiate with violators; appeals are limited to factual errors in our determination.

Reporting

If you believe an InfoBreach account is being used in violation of this policy, email [email protected] with as much detail as you can. We acknowledge and triage every report.