Acceptable Use Policy

Effective: Last updated:

This Acceptable Use Policy (“AUP”) governs your use of the Fimil platform (the “Service”) and is incorporated into the Terms of Service. Because Fimil performs active security scanning and autonomous penetration testing, the most important rule is simple: only test what you are authorized to test.

1. Authorization to scan and test

You may direct the Service to scan or test only:

  • repositories, applications, endpoints, APIs, and systems that you own; or
  • systems for which you have explicit, documented authorization from the owner to perform security scanning and penetration testing.

When you configure a penetration-test policy, you must attest to your authorization for the specified Target(s) and the hosts in scope. You are solely responsible for the accuracy of that attestation and for staying within the authorized scope. The Service enforces scope controls, but those controls do not relieve you of your responsibility to have authorization. Use of the autonomous penetration-testing agent is additionally governed by the AI-Pentest Addendum, which sets out the authorization warranties, scope, and allocation of testing risk that control for the agent.

2. Prohibited uses

You must not use the Service to:

  • Access systems without authorization — scan, probe, or attack any system you do not own or are not explicitly authorized to test; attempt to circumvent the Service’s scope controls; or target third-party infrastructure, shared services, or metadata/cloud-internal endpoints outside your authorized scope.
  • Cause harm or disruption — launch denial-of-service attacks, intentionally degrade or damage a Target, exfiltrate or destroy data beyond what is necessary to demonstrate a finding, or use the Service to deliver malware.
  • Violate law or the rights of others — use the Service for any unlawful purpose, to infringe intellectual property, or to violate the privacy or data-protection rights of others.
  • Abuse the platform — attempt to gain unauthorized access to the Service or other tenants’ data, interfere with the Service’s operation, circumvent usage limits or billing, or resell the Service except as permitted.
  • Misuse AI features — attempt to manipulate the AI agent to act outside an authorized scope, or use outputs to facilitate unauthorized access to any system.

3. Active and destructive testing

Some testing techniques are intrusive. You are responsible for understanding the potential impact of the tests you enable (including any destructive options) and for running them only against authorized, appropriately prepared Targets. We strongly recommend testing against non-production or properly backed-up environments where appropriate.

4. Reporting violations

Report suspected abuse or security issues to abuse@fimil.dev (abuse) or security@fimil.dev (vulnerabilities in the Service itself).

5. Enforcement

Violations may result in warning, throttling, suspension, or termination, and we may notify or cooperate with law enforcement where appropriate. We may suspend activity immediately where we reasonably believe it threatens the Service, other users, or third parties.

6. Changes

We may update this AUP from time to time; the “Last updated” date reflects the latest revision.