Acceptable Use Policy
1. Prohibited content
You may not use Findrix to audit, deploy to, or track:
- Sites hosting child sexual abuse material (CSAM) — we report to NCMEC and equivalent authorities
- Content that incites violence, terrorism, or genocide
- Fraudulent commerce sites (counterfeit goods, fake services, phishing-as-a-service)
- Stolen credentials, malware distribution, exploit kits
- Doxxing or harassment campaigns targeting individuals or protected groups
2. Prohibited technical patterns
You may not:
- Use Findrix to scan, probe, or audit sites you do not own or have written authorization to audit
- Use Findrix as a vector to attack third parties (denial of service, credential stuffing, vulnerability scanning without permission)
- Bypass our rate limits via multiple accounts, IP rotation, or other circumvention
- Reverse-engineer the Service to extract proprietary methodology implementations
- Submit known-malicious URLs to consume our outbound IP reputation
3. Prohibited LLM citation tactics
Findrix exists to make legitimate brands findable. We refuse to deploy:
- Prompt injection — hidden instructions, Unicode tricks, ANSI escape codes, jailbreak payloads embedded in content
- Cloaking — serving different content to LLM crawlers vs. humans
- Mass-generated low-quality content — pages generated solely to seed citations
- Link farms — coordinated cross-site link injections targeting AI crawlers
- Deceptive attribution — claiming credentials, certifications, or endorsements you do not hold
4. Rate limits
Findrix enforces per-account rate limits to protect our infrastructure and downstream LLM providers' rate limits. Current limits (subject to change):
| Action | Free tier | Paid tiers |
|---|---|---|
| Audit submissions | 3 per hour | 20 per hour |
| API calls | n/a | 1,000 / 10 min |
| Deploy operations | n/a | Per-stack daily caps |
5. Enforcement
If we believe you have violated this policy, we may:
- Issue a warning and pause specific actions
- Suspend or terminate your account
- Refuse refunds for the period in question
- Cooperate with law enforcement where legally required
We try to apply enforcement proportionally and with notice where possible. For genuine accidents (e.g. an unintended scan of a domain you don't own), email abuse@findrix.ai and we will work it out.
6. Reporting abuse
If you believe Findrix is being used to abuse a site you operate, report to abuse@findrix.ai with the affected domain and any logs you have. We respond within 24 business hours and will block the offending account if substantiated.
7. Changes
We may update this policy as new abuse patterns emerge. Material changes are posted here with at least 14 days' notice.
8. See also
- Terms of Service — your overall contract with Findrix
- Privacy Policy — how we handle data
- security.txt — security researcher contact
