CTI Platform
Threat Intelligence
Request access Login →
Terms of Service

Rules for access, use, and responsibility.

These Terms of Service explain how CTI Platform may be accessed and used, what is permitted, what is restricted, how responsibility is allocated, and what operational assumptions apply to the platform. This page is written as a product-facing terms summary for this deployment and should be adapted if a custom enterprise contract applies.
Last updated: 27 Apr 2026

1. Acceptance and scope

By accessing or using CTI Platform, the user or organization operating the account agrees to these Terms of Service.

These terms are intended for a security operations and threat intelligence platform, not for consumer social or publishing use. The platform is meant for authorized internal business, security, investigation, and defensive use.

If a separate signed agreement, procurement document, or enterprise contract applies to your deployment, that agreement may override portions of this public page.

2. Service description

CTI Platform may include, depending on deployment and enabled features:

Monitoring services
Collection and review surfaces for feeds, forums, breach-related intelligence, ransomware-related intelligence, social monitoring, and source operations.
Operational workflows
Runs, source health, items, alerts, indicators, artifacts, assets, notifications, and administrative controls.
Analyst functions
Filtering, triage, review, enrichment, asset matching, exports, and workflow state management.
Interfaces
Web UI, authentication flows, administrative pages, notification integrations, and API functionality where enabled.

3. Accounts and access

Access is restricted to authorized users. The organization or administrator managing the deployment is responsible for approving, assigning, and removing access.

  • Users must protect their credentials and must not share accounts unless explicitly permitted by the platform operator.
  • Administrators may suspend, disable, or revoke access when needed for security, policy, or operational reasons.
  • The platform may enforce controls such as MFA, session management, approval workflows, and failed-login handling.
  • Users are responsible for actions performed under their account unless they promptly report compromise.

4. Acceptable use

The platform may be used for lawful security, intelligence, defensive, investigative, and operational purposes. It must not be used in ways that violate applicable law, abuse the system, or endanger third parties.

  • No unauthorized intrusion, destructive testing, or unlawful access attempts using the platform.
  • No use of the platform to harass, extort, stalk, or target individuals unlawfully.
  • No credential sharing intended to bypass access controls, seat controls, or approval controls.
  • No attempts to interfere with platform integrity, disrupt availability, or bypass security mechanisms.
  • No use of data obtained through the platform outside authorized business or security purposes.
Threat intelligence data may involve sensitive contexts. Access to data does not create unlimited rights to republish, weaponize, or misuse it.

Authorized monitoring scope

Clients may only configure and monitor assets they own, operate, or have explicit documented authorization to monitor on behalf of the asset owner. This includes:

  • Domains, subdomains, and hostnames registered to the client organization or a group company.
  • Brand names, trademarks, and product names owned by the client or its group.
  • Email addresses and accounts belonging to the client organization's employees or systems.
  • IP ranges and ASNs allocated to the client or its group.
  • Keywords and identifiers that uniquely identify the client organization, its products, or its infrastructure.

Monitoring of assets belonging to third parties — including competitors, customers, individuals, or other organizations — is not permitted unless a separate written data processing or investigation agreement is in place and explicitly covers such monitoring.

Using this platform to collect intelligence on assets you do not own or control — without documented authorization — may constitute unauthorized access or surveillance under applicable law. It is prohibited regardless of technical capability.

5. Customer and platform data

The platform may store or process account data, security metadata, user-submitted configuration, monitored source output, operational records, and intelligence artifacts.

  • Users remain responsible for the data they input, configure, upload, or trigger through the platform.
  • The platform operator may process such data to deliver platform features, security controls, audit trails, and notifications.
  • Threat intelligence, monitored-source output, or enrichment results may be incomplete, delayed, duplicated, or later removed.
  • Some data may come from external or third-party sources and should not be treated as guaranteed accurate or complete without validation.

Dark web and external source limitations

  • No completeness guarantee. The platform monitors a defined set of sources. Dark web forums, markets, Tor-accessible resources, and breach aggregators are fragmented, ephemeral, and frequently change. Not all sources are indexed. A negative result — no alert — does not mean a threat does not exist.
  • Coverage gaps are expected. New dark web sources, private Telegram channels, invite-only forums, and air-gapped leak sites may not be covered. Coverage expands over time but is never exhaustive.
  • External data requires independent verification. Alerts and indicators derived from third-party sources are provided as signals, not confirmed facts. Before acting on a high-impact finding — such as credential exposure, targeted attack preparation, or data sale — users should independently validate the finding through additional investigation.
  • Data freshness varies. Some sources are crawled in near-real-time; others are ingested on a delayed schedule. Timestamps in alerts reflect collection time, not necessarily the original posting date on the source.

6. Availability and changes

The platform may change over time. Features, feeds, integrations, views, scoring logic, and workflows may be updated, improved, restricted, or removed as the system evolves.

  • No public statement on this page should be read as a permanent commitment that every feature or monitored source will always remain available.
  • Maintenance, upstream source changes, third-party service limits, or infrastructure failures may affect availability.
  • The platform operator may modify the service to improve security, stability, usability, or legal compliance.

7. Security and reporting

Users must promptly report suspected compromise, suspicious activity, accidental exposure, or misuse involving their account or the platform.

  • Accounts believed to be compromised may be locked, rotated, or suspended without advance notice.
  • Administrative and security logs may be reviewed to investigate misuse or incidents.
  • Users must not disable or attempt to bypass security controls implemented by the platform.

8. Disclaimers and liability

The platform is provided as an operational system for threat intelligence and security workflows. It is not a guarantee that every threat will be detected, correctly scored, or prevented.

  • Intelligence results, indicators, alerts, and source-derived content are provided on an informational and operational basis.
  • Users and organizations remain responsible for validating critical findings before acting on them in high-impact contexts.
  • To the maximum extent allowed by applicable rules, the platform operator disclaims implied warranties of uninterrupted operation, complete accuracy, merchantability, and fitness for a particular purpose.

This platform does not replace incident response or a SOC

This is a monitoring and alerting service. It surfaces signals and indicators of external exposure. It does not:

  • Respond to incidents. The platform generates alerts; it does not investigate, contain, or remediate incidents. Incident response requires dedicated personnel and processes separate from this service.
  • Operate as a Security Operations Centre. There is no 24/7 human monitoring of alerts on the client's behalf unless explicitly contracted. Alerts require the client's own review and triage.
  • Guarantee detection of active attacks. The platform monitors external exposure signals. It is not an EDR, SIEM, or network detection system. An absence of alerts does not indicate absence of compromise.
  • Provide forensic analysis. The platform records indicators and references to source material. Deep forensic investigation, malware analysis, and root-cause determination are out of scope.
  • Issue legal notifications. Where applicable law (GDPR, NIS2, etc.) requires breach notification to authorities or affected individuals, that obligation rests entirely with the client organization.
This page is a practical terms layer for the product. It is not legal advice and should not replace deployment-specific legal review where contract risk is material.

9. Suspension and termination

Access may be suspended or terminated for security reasons, policy violations, contract expiration, misuse, or administrative decision.

  • Accounts may be disabled immediately where misuse, compromise, or policy breach is suspected.
  • Termination of access does not necessarily require immediate deletion of all related operational records if retention is needed for audit, abuse prevention, or legal reasons.
  • On termination, continued use of the platform is no longer authorized unless access is restored explicitly.

10. Contact

Questions about these terms, enterprise contracting, deployment-specific legal requirements, or platform access should be directed to the organization or administrator operating this deployment.

To report a security vulnerability, see our Responsible Disclosure page.

CTI Platform · Terms of Service