Acceptable Use Policy (AUP)

Last Published: 3/17/2025

RiskForce-LLC Acceptable Use Policy

1. Introduction

In Simple Terms: This document explains what you can and cannot do when using RiskForce’s services. Following these rules keeps everyone safe and helps us provide reliable services. This policy applies to everyone using RiskForce services. If your organization has a separate contract with us, that contract overrides this policy where they conflict.

1.1 Scope and Applicability

This Acceptable Use Policy (“Policy”) governs your use of RiskForce-LLC’s (“RiskForce”) cybersecurity and risk management services, applications, and platforms (collectively, the “Services”). This Policy applies to all users of the Services, including customers, authorized users, administrators, and any person or entity that accesses or uses the Services (collectively, “Users”).

By accessing or using the Services, you agree to comply with this Policy. RiskForce reserves the right to modify this Policy at any time by posting an updated version on our website. Your continued use of the Services after such modifications constitutes your acceptance of the revised Policy.

1.2 Relationship to Other Agreements

All users are subject to this Policy. However, RiskForce may enter into separate written agreements (such as Enterprise Agreements, Master Service Agreements, or Government Contracts) with businesses, organizations, or government entities (“Custom Agreements”). In the event of any conflict between the terms of this Policy and the terms of any Custom Agreement, the terms of the Custom Agreement will prevail to the extent of such conflict. All provisions of this Policy that are not in conflict with the Custom Agreement will remain in full force and effect.

Nothing in this Policy is intended to supersede, modify, or circumvent any legal or regulatory requirements applicable to specific industries or jurisdictions.

2. Purpose

In Simple Terms: We created this policy to protect everyone’s security and privacy, ensure legal compliance, and maintain a secure environment for managing cybersecurity risks.

The purpose of this Policy is to:

  • Protect the security, integrity, and availability of the Services
  • Protect the privacy and data of all Users
  • Ensure compliance with applicable laws and regulations
  • Establish clear guidelines for acceptable and unacceptable use
  • Maintain a secure environment for risk management activities

3. Acceptable Use

In Simple Terms: You can use our services for legitimate business purposes that comply with laws and industry standards. You should provide accurate information and use the system responsibly.

You may use the Services only for lawful purposes and in accordance with this Policy. You agree to use the Services in a manner that:

3.1 Complies with Legal Requirements

  • Adheres to all applicable local, state, national, and international laws and regulations
  • Respects intellectual property rights, privacy rights, and contractual obligations
  • Complies with industry standards and best practices for cybersecurity and data protection

3.2 Furthers Legitimate Business Purposes

  • Supports genuine risk management, compliance, and cybersecurity objectives
  • Furthers your organization’s legitimate business activities
  • Helps identify, mitigate, and manage security risks and compliance requirements

3.3 Maintains Data Integrity

  • Ensures the accuracy and reliability of data entered into the Services
  • Provides truthful and factual information for risk assessments and compliance activities
  • Properly categorizes and labels sensitive data according to its classification level

3.4 Respects System Resources

  • Uses the Services in a manner that does not unreasonably burden system resources
  • Accesses the Services at reasonable intervals and frequencies
  • Follows any published guidelines for API usage or data processing limits

4. Prohibited Use

In Simple Terms: Don’t use our services for illegal activities, security attacks, sharing harmful content, introducing malicious code, or disrupting our systems. Don’t share false security advice that could harm others.

You may not use the Services in any manner that could damage, disable, overburden, or impair the Services or interfere with any other party’s use of the Services. The following activities are expressly prohibited:

4.1 Illegal Activities

In Simple Terms: Don’t break the law while using our services or use RiskForce to help with illegal activities.

Using the Services to commit or facilitate any criminal offense

  • Engaging in activities that violate any applicable law or regulation
  • Accessing, storing, or transmitting information in violation of data protection or privacy laws
  • Using the Services for money laundering, terrorist financing, or other financial crimes

4.2 Security Violations

In Simple Terms: Don’t try to hack, break into, or attack our services or other systems.

  • Attempting to gain unauthorized access to the Services or related systems or networks
  • Circumventing or testing the vulnerability of security measures
  • Engaging in any activity that may be used as a precursor to an attempted system penetration
  • Introducing malicious code, including viruses, worms, Trojan horses, ransomware, spyware, or other harmful components
  • Conducting denial of service attacks or other disruptive activities
  • Attempting to decrypt or otherwise circumvent encryption or other security measures

4.3 Malicious Submissions and Shared Content

In Simple Terms: Don’t share or recommend security solutions that contain hidden harmful code or actually make security worse. Don’t trick others with fake security advice.

  • Submitting, sharing, or recommending cyber mitigations, code samples, or technical solutions that:
    • Contain malicious code, backdoors, or deliberately introduced vulnerabilities
    • Are designed to cause harm to systems, networks, or data when implemented
    • Include disguised or obfuscated malware, spyware, or ransomware
    • Contain unauthorized cryptocurrency miners or other resource hijacking mechanisms
    • Execute unwanted or unauthorized actions beyond their stated purpose
    • Exfiltrate data to unauthorized third parties when implemented
    • Are intentionally ineffective or create a false sense of security
    • Deliberately weaken security postures when implemented
  • Recommending techniques or procedures that are unethical, illegal, or violate standard security practices
  • Falsely presenting harmful code or techniques as legitimate security mitigations

4.4 Misuse of Data

In Simple Terms: Don’t upload harmful, illegal, or offensive content. This includes threats, violence, self-harm content, fraudulent information, or anything that harms others.

  • Uploading or sharing content that infringes upon the intellectual property rights of others
  • Disclosing personal information about minors or vulnerable individuals
  • Uploading, storing, or transmitting any content that is:
    • Pornographic, obscene, or sexually explicit
    • Harassing, threatening, or bullying
    • Defamatory, libelous, or fraudulent
    • Discriminatory based on race, gender, religion, nationality, disability, sexual orientation, or age
    • Designed to incite hatred or violence
    • Invasive of another’s privacy
    • Containing credible threats to individuals, groups, or public safety
    • Organizing, encouraging, or celebrating harm to others
    • Promoting, glorifying, or providing instructions for self-harm or suicide
    • Depicting gratuitous violence or gore
    • Fraudulent, deceptive, or designed to scam or mislead users
  • Using the Services to stalk, harass, or harm another individual
  • Misrepresenting your identity or affiliation

4.5 System Interference

In Simple Terms: Don’t overload or disrupt our systems or use automated tools that could impact service performance.

  • Interfering with or disrupting the integrity or performance of the Services
  • Attempting to probe, scan, or test the vulnerability of our systems or networks
  • Sending automated queries or excessive requests that may burden our infrastructure
  • Using any robot, spider, or other automated system to access the Services
  • Engaging in activities that could damage, disable, overburden, or impair our servers or networks
  • Attempting to interfere with service to any user, host, or network

4.6 Data Misuse in Public Areas

In Simple Terms: Don’t post misleading, irrelevant, or harmful content in public areas of our services.

  • Posting irrelevant, misleading, or deceptive content in public or shared areas
  • Using public or community features to distribute malware or phishing content
  • Posting content that promotes illegal activities or harmful behaviors
  • Using public areas to distribute spam, chain letters, or unsolicited communications
  • Posting content that could lead to security vulnerabilities in other systems

4.7 Violations of Confidentiality

In Simple Terms: Keep your login credentials private and don’t share confidential information inappropriately.

  • Sharing access credentials with unauthorized users
  • Extracting data from the Services for unauthorized purposes
  • Disclosing confidential information obtained through the Services
  • Using confidential information for purposes beyond those for which it was provided

5. Industry-Specific Restrictions

In Simple Terms: If you’re in a regulated industry like healthcare or finance, you must handle sensitive data according to industry regulations and standards.

Given that our Services may be used in regulated industries, the following additional restrictions apply:

5.1 Healthcare

  • Protected Health Information (PHI) must be handled in accordance with HIPAA regulations
  • Patient data must be appropriately secured and access-controlled
  • Clinical information must not be exposed in public areas of the Services

5.2 Financial Services

  • Cardholder data must be handled in accordance with PCI DSS requirements
  • Personal financial information must be appropriately protected
  • Non-public financial information must not be disclosed in public forums

5.3 Critical Infrastructure

  • Information about critical infrastructure vulnerabilities must be appropriately restricted
  • Sensitive operational data must be properly secured and access-controlled
  • Information that could pose a national security risk must be handled with appropriate safeguards

5.4 Government Data

  • Classified information must not be uploaded unless the Services have been specifically authorized for such use
  • Information subject to export controls must be handled in accordance with applicable regulations
  • Government data must be managed in accordance with relevant compliance frameworks (e.g., FedRAMP)

6. User Content and Public Submissions

In Simple Terms: You’re responsible for what you upload. Don’t share confidential information in public areas. Always have a qualified professional review security solutions before implementing them.

6.1 User Responsibility

  • You are solely responsible for all content that you upload, post, email, transmit, or otherwise make available via the Services (“User Content”)
  • You must have all necessary rights to submit User Content
  • You must appropriately label and classify User Content according to its sensitivity level

6.2 Public Submissions

  • Content submitted to public or community areas may be visible to other users
  • Do not submit confidential, sensitive, or private information to public areas
  • Public submissions must comply with all aspects of this Policy
  • RiskForce reserves the right to remove any public submission that violates this Policy

6.3 Professional Review Requirement

  • RiskForce cannot monitor or validate all user-generated content or community submissions
  • Users and organizations must have qualified cybersecurity professionals review any code, scripts, technical solutions, or security mitigations before implementation
  • Implementation of any submitted content, community solutions, or system-generated recommendations is done at your own risk
  • You acknowledge that content may not have been verified by RiskForce and may contain errors, vulnerabilities, or potentially harmful elements
  • Organizations should follow standard change management and security validation procedures before implementing any solutions found on the platform
  • RiskForce is not responsible for damages resulting from the implementation of user-submitted or community-generated content

7. Security Requirements

In Simple Terms: Protect your account with strong passwords, keep your devices secure, and report any security breaches immediately.

7.1 Authentication and Access

  • You must maintain the confidentiality of all access credentials
  • You must use strong, unique passwords that are regularly updated
  • You must implement multi-factor authentication when available
  • You must promptly notify RiskForce of any unauthorized access or security breach

7.2 Endpoint Security

  • You must maintain reasonable security measures on devices used to access the Services
  • Devices should be protected by current antivirus and security software
  • Operating systems and applications should be kept up-to-date with security patches
  • You should implement appropriate encryption for sensitive data

8. Reporting Violations

In Simple Terms: If you see something suspicious or that violates these rules, please tell us right away.

If you become aware of any violation of this Policy, you must promptly report it to RiskForce by contacting contact@riskforce-llc.com. Please provide as much detail as possible to assist in our investigation.

9. Enforcement

In Simple Terms: We may monitor for violations and take action ranging from warnings to account termination or legal measures, depending on the severity of the violation.

9.1 Monitoring and Investigation

In Simple Terms: We may investigate potential violations and cooperate with authorities when necessary.

  • RiskForce reserves the right to monitor use of the Services to ensure compliance with this Policy
  • We may investigate suspected violations and cooperate with law enforcement investigations
  • We may access, preserve, and disclose information as necessary to:
    • Comply with legal obligations
    • Enforce this Policy
    • Respond to claims of Policy violations
    • Protect our rights, property, or safety, or that of our users or the public

9.2 Consequences of Breach

In Simple Terms: Breaking these rules can result in warnings, restrictions, or account termination. Serious violations may lead to legal action. You can appeal if you think a mistake was made.

RiskForce takes violations of this Policy seriously and reserves the right, at its sole discretion, to enforce any of the following consequences for breach:

9.2.1 Immediate Actions

  • Warning: For minor first-time violations, we may issue a formal warning.
  • Content Removal: We may immediately remove or disable access to any User Content that violates this Policy without prior notice.
  • Temporary Suspension: We may temporarily suspend your account and access to the Services while we investigate potential violations.

9.2.2 Account Sanctions

  • Restricted Access: We may limit your access to certain features or functionality of the Services.
  • Permanent Termination: We may permanently terminate your account and access to all Services, including any paid subscriptions, without refund.
  • Prohibition from Future Use: We may prohibit you from creating new accounts or accessing the Services in the future.

9.2.3 Additional Consequences

  • Reporting to Authorities: We may report violations to law enforcement, regulatory authorities, or affected third parties.
  • Legal Action: We reserve the right to pursue all legal remedies, including seeking damages, injunctive relief, and recovery of legal costs.
  • Payment for Resources: You may be required to pay for any extraordinary costs incurred by RiskForce as a result of your violation, including system recovery costs and response team expenses.
  • Notification to Your Organization: For enterprise users, we may notify your organization’s authorized administrator or compliance officer of any violations.

9.2.4 Implementation of Consequences

  • RiskForce may implement any of these consequences immediately and without prior notice.
  • The severity of consequences will be determined based on factors including, but not limited to: the severity of the violation, whether it was intentional, whether it is a repeat offense, potential harm to other users, and legal or regulatory requirements.
  • Our decision to take action or not take action in any particular case does not waive our right to take action in similar cases in the future.
  • Termination of your account does not relieve you of any obligation to pay any outstanding fees or charges.

9.2.5 Appeal Process

If you believe a consequence has been applied in error, you may appeal by contacting contact@riskforce-llc.com with detailed information supporting your appeal. RiskForce will review appeals but is under no obligation to reverse any enforcement action taken.

10. No Monitoring Obligation

In Simple Terms: While we can monitor content, we don’t actively review everything users post. We’re not responsible for user-generated content.

While RiskForce reserves the right to monitor the Services for compliance with this Policy, we are under no obligation to do so. We do not actively monitor User Content and take no responsibility for any content provided by users.

11. Contact Information

If you have questions about this Policy or to report violations, please contact contact@riskforce-ll.com

12. Policy Updates

RiskForce may update this Policy from time to time. We will notify users of any material changes by posting the new Policy on our website and updating the “Last Updated” date. Your continued use of the Services after such changes constitutes your acceptance of the revised Policy.

Scroll to Top