User Policy
SOCVault Ltd · Last updated: June 2026 · Acceptable Use Policy
1. Authorised use
SOCVault may only be used to scan, test, and monitor infrastructure that you own or have explicit written authorisation to test. Scanning third-party infrastructure without authorisation is a violation of this policy and may be a criminal offence under the Computer Misuse Act 1990 (UK) or equivalent legislation in your jurisdiction.
2. Verification requirement
Every domain submitted for scanning must pass domain ownership verification (DNS TXT record or HTML meta tag) before any active scan is initiated. SOCVault reserves the right to suspend accounts that attempt to bypass verification.
3. Prohibited activities
You must not use SOCVault to: scan targets you do not own or are not authorised to test; conduct denial-of-service attacks; attempt to compromise SOCVault infrastructure; resell SOCVault services without a written reseller agreement; use scan results to facilitate attacks on third parties; or share account credentials.
4. Business email requirement
Self-serve accounts require a verified business or corporate email address. Personal email accounts are not permitted. Violation of this requirement will result in account suspension.
5. L9 AI Agent consent
The L9 AI Agent Scan requires explicit per-session consent before each run. By initiating an L9 session you confirm you are authorised to conduct active testing against the specified target for the duration of that session.
6. SOAR automation
Automated SOAR responses (IP blocking, quarantine, containment) are executed against infrastructure you have connected to SOCVault. You accept responsibility for the consequences of automated responses, including IP blocking of legitimate traffic. Use the human-gate option for any response that may affect production traffic.
7. Account sharing and multi-tenant use
Accounts are per-organisation. MSPs and resellers must use the MSP Portal for multi-tenant management and may not share a single organisation account across multiple end customers.
8. Compliance with law
You must comply with all applicable laws including UK GDPR, the Computer Misuse Act 1990, and equivalent laws in your jurisdiction when using SOCVault to process personal data or conduct security testing.
9. Enforcement
Violations of this policy may result in immediate account suspension, permanent termination, and referral to law enforcement where applicable. SOCVault will cooperate fully with law enforcement investigations arising from misuse of the platform.
10. Contact
To report misuse or ask a question about this policy: abuse@socvault.io · SOCVault Ltd, England and Wales.