Acceptable Use Policy

1. Where you may use the tools

You may use the NodeBreach platform, CLI, scanners, exploits, and any other offensive tooling provided:

• Against training targets we provision for you inside the NodeBreach range
• Against infrastructure you own, operate, or have documented written authorization to test (in which case you are responsible for the scope and legality of that engagement, not NodeBreach)
• For CTF events, red-team exercises, or security courses run by authorized organizers
• For research disclosed in good faith under our Vulnerability Disclosure Policy

2. What you may NOT do

• Attack, scan, exploit, or attempt to access systems you do not own or have explicit written authorization to test
• Use NodeBreach infrastructure as a launchpad or proxy for attacks against third parties
• Attempt to escape your assigned container(s), access other users' data, or pivot laterally within the NodeBreach infrastructure (report it via our VDP instead)
• Distribute, host, mine, or store: malware that targets real systems, stolen credentials, CSAM, copyright-infringing content, cryptocurrency-mining workloads
• Scrape, crawl, or automate the NodeBreach website outside of our documented API
• Resell, sublicense, white-label, or redistribute NodeBreach content without a commercial agreement
• Circumvent rate limits, quotas, or tier restrictions, or operate multiple accounts to do so
• Harass, threaten, dox, or target other users — including through battle chat, forum, or any player-to-player surface
• Use NodeBreach in violation of US export-control, sanctions, or the laws of your jurisdiction

3. Resource limits & fair use

Each subscription tier ships with explicit limits on concurrent nodes, attacks-per-day, and persistent nodes. Those limits are published on the pricing page. We also reserve the right to rate-limit abusive patterns (excessive scan volume, long-running processes consuming shared CPU, repeated failed authentications) even within your advertised limits.

Bulk or automated use of the training range must be done through the API with a valid API token. If you need more capacity than a paid tier provides, contact sales@nodebreach.com.

4. Content you create

You retain ownership of the writeups, custom decks, forum posts, notes, and other content you create on NodeBreach. You grant us a non-exclusive, worldwide license to host, display, and serve that content as needed to operate the service. You are responsible for ensuring your content does not infringe third-party rights and does not contain real secrets, production credentials, or real customer data.

5. Enforcement

Suspected violations may result in any of the following without prior notice:

• Immediate termination of running nodes and sessions
• Account suspension or permanent ban with no refund for unused subscription time
• Preservation and disclosure of logs, IP addresses, and account data to law enforcement where we are legally compelled or where we reasonably believe it is necessary to prevent harm
• Civil action for damages and injunctive relief, including recovery of legal costs

6. Reporting abuse

7. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced in-product and on our changelog. Continued use after the effective date constitutes acceptance.