Acceptable use policy

You can scan domains, hosts, and accounts that you own or that you have explicit, written authorization from the legal owner to scan. Authorization must be specific, time-bound, and pre-date the scan.

DNS verification is the gate. Brektra refuses to start a scan against a target that does not have an active TXT record, and re-checks the record at the start of every run.

• Scan third-party systems. Even at a customer's request, you can only scan systems they themselves own. Asking Brektra to attack a vendor or competitor is a violation of this policy and likely a violation of law.
• Circumvent verification. Do not attempt to spoof DNS, inject TXT records on infrastructure you do not control, or submit forged authorization. We log verification anomalies and review them.
• Use Brektra to attack third parties. The platform must not be used as part of an unauthorized offensive operation against any system.
• Reverse engineer the agent or engine. Decompiling, extracting source from binaries, or building a derivative scanner from the artifacts we ship is prohibited. Standard interoperability use is fine.
• Resell or repackage the service. Consultants delivering services to their own clients on the Business plan are explicitly permitted. Resale to other security vendors or relabeling Brektra under a different brand is not.
• Stress or abuse the service. Do not use Brektra to host unrelated attack staging, do not script the dashboard to evade rate limits, do not flood the service.
• Process illegal content. Scans that produce content illegal under your jurisdiction's laws (CSAM, certain sanctioned content) are not the kind of work this platform supports. Stop the scan and contact us.

Aggressive Mode runs destructive payloads. It is gated by a per-target flag you must explicitly toggle. Never enable Aggressive Mode against shared infrastructure or against production without engineering approval.

Violations are grounds for immediate suspension or termination, with no refund. We may report serious violations (unauthorized attacks against third parties, illegal content) to law enforcement.

If you believe a Brektra customer is using the service against your systems without authorization, email support@brektra.com with the subject line "Abuse report". Include the target hostname, the timestamp, and any source IPs you have captured. We respond within one business day.