Acceptable Use Policy

You must hold a valid, current, signed Penetration Testing Authorisation for every target before any scan begins. No exceptions, including during trials and beta evaluations.

You must only test systems you own or are explicitly, lawfully authorised in writing to test. You are responsible for ensuring your scope is accurate and that any required third-party consents (hosting providers, cloud platforms, ISPs) are in place.

You must not use the Services to:

• Test, scan, probe, or exploit any system you do not own or are not explicitly authorised to test
• Test any target outside the authorised scope and test window
• Attack, disrupt, or gain unauthorised access to any third party, or use the Services as a launch point against third-party infrastructure
• Conduct unlawful surveillance, espionage, or interception
• Exfiltrate, retain, or misuse any data accessed during testing beyond what is necessary to evidence a finding
• Circumvent or disable the Platform's security controls, rate limits, or scope enforcement
• Reverse engineer the Platform or extract or replicate its scanning methodology
• Resell or provide access to the Services except as expressly permitted (for example, under an MSP Partner Agreement)
• Breach any applicable law, including computer-misuse, privacy, and export-control laws

If you access the Services as an MSP or reseller, you must additionally: hold and retain End Client authorisation for every target (per the MSP Partner Agreement), flow the Sub-Processor List and cross-border disclosure to your End Clients, and not represent the Services in a misleading way.

You must report to CyberOrbit, promptly, any: suspected unauthorised use of your account; testing that has occurred outside scope; or security incident affecting the Services. Report via our security disclosure form.

If you discover a vulnerability in the CyberOrbit platform itself, follow the Responsible Disclosure Policy.

• Suspension. CyberOrbit may immediately suspend access, in whole or in part, if it reasonably suspects a breach of this AUP, unauthorised testing, or a risk of harm to any system or person.
• Termination. A material or repeated breach may result in termination of the Services under the applicable agreement.
• Cooperation with authorities. CyberOrbit may report unlawful activity to, and cooperate with, law enforcement and regulators as required by law.

CyberOrbit may update this AUP on notice. Continued use after the effective date constitutes acceptance.

This AUP is incorporated into, and read with, the Terms of Service and our Privacy Policy.

Security issues and reports: use our security disclosure form. General and legal enquiries: use the contact form.