Acceptable Use Policy

This Acceptable Use Policy ("AUP") applies to all users of the Secure Tenant platform, including free-tier and premium subscribers, and forms part of our Terms of Service. By using the Service, you agree to comply with this AUP.

The Service may be used for the following purposes:

• Scanning Microsoft 365 tenants that you own or for which you have been granted administrative authority.
• Generating and reviewing security assessment reports for your own organization.
• Sharing scan results and reports within your organization for internal security purposes.
• For MSPs: scanning and managing Microsoft 365 tenants for which you have documented, written authorization from the tenant owner/administrator.

You may NOT use the Service for any of the following:

• Scanning any Microsoft 365 tenant without explicit authorization from the tenant owner or administrator.
• Attempting to gain write access to or modify any tenant configurations through the Service or its APIs.
• Using scan results to harm, extort, blackmail, or threaten any individual or organization.
• Reverse engineering, decompiling, or disassembling the scanning algorithms, methodologies, or any part of the Service.
• Automated scraping, bulk data extraction, or systematic retrieval of data beyond the intended API usage and rate limits.
• Reselling, redistributing, or commercializing the Service or scan results without an MSP Enterprise agreement.
• Using the Service to gather competitive intelligence against Secure Tenant.
• Introducing malicious code, viruses, or harmful components into the Service.
• Attempting to circumvent technical limitations, rate limits, or access controls.
• Using the Service to conduct unauthorized penetration testing or vulnerability assessments beyond the scope of the read-only security configuration analysis provided.
• Any use that violates applicable laws, regulations, or the rights of third parties.
• Sharing your account credentials with unauthorized individuals or allowing unauthorized third parties to access the Service through your account.

You must ensure proper authorization before scanning any Microsoft 365 tenant:

• You must be a Global Administrator or have equivalent administrative rights for each tenant you connect to the Service, or have documented authorization from such an administrator.
• For MSPs managing client tenants: you must maintain current, written authorization from each client before scanning their tenant. Secure Tenant reserves the right to request proof of authorization at any time.
• OAuth consent must be granted by an authorized administrator of the tenant. Granting OAuth consent without proper authority is a material breach of these terms.

To ensure service quality for all users, the following limits apply:

• API rate limits as documented in our API documentation.
• Scan frequency limits based on your subscription tier.
• Storage limits for scan results and reports based on your subscription tier.
• Excessive usage that degrades service quality for other users may result in temporary throttling or suspension.

Secure Tenant reserves the right to monitor usage of the Service for compliance with this AUP. We may investigate suspected violations and take appropriate action, which may include:

• Issuing a warning and requesting correction of the violation.
• Temporarily suspending your access to the Service.
• Permanently terminating your account without refund.
• Reporting violations to law enforcement authorities if criminal activity is suspected.
• Pursuing legal remedies for damages caused by the violation.

If you become aware of any violation of this AUP, please report it to us at contact@secure-tenant.com. We take all reports seriously and will investigate promptly.

For questions about this Acceptable Use Policy:

• Email: contact@secure-tenant.com
• Secure Tenant, Diepmeerven 33, 5645KG Eindhoven, Netherlands