Acceptable Use Policy

Last updated: 10 April 2026

1. Scope

This Acceptable Use Policy ("AUP") applies to all use of the Panthero Platform operated by Carpathica Authentic Srl, including:

• The Panthero API (authenticated access via API keys)
• Free Tools (public IP reputation lookup and threat check)
• The client portal and dashboard
• Any software, plugins, or packages that interact with the Panthero API

This AUP is incorporated into our Terms of Service by reference. All Users - whether using Free Tools, Pay-As-You-Go, or Enterprise services - are bound by this AUP.

2. Prohibited Activities

You must not use the Platform to do any of the following:

2.1 Harming Individuals

• Using Threat Data to stalk, harass, threaten, or intimidate any individual.
• Using IP geolocation data to locate, track, or surveil individuals without a lawful basis.
• Publishing or sharing Threat Data in a way that exposes identifiable individuals to harm, discrimination, or reputational damage.
• Using the Platform to dox (publicly reveal private information about) any person.

2.2 Conducting Attacks

• Using the Platform to identify targets for cyberattacks, including but not limited to DDoS attacks, phishing campaigns, malware distribution, or network intrusion.
• Using IP reputation data to map network infrastructure for offensive purposes.
• Submitting malicious payloads, exploit code, or attack signatures in API requests or Free Tool inputs.
• Using the Platform as part of any workflow that results in unauthorized access to systems, data, or accounts belonging to third parties.

2.3 Reverse Engineering and Data Extraction

• Reverse-engineering, decompiling, or attempting to derive the source code, algorithms, or scoring models used by the Platform.
• Systematically extracting Threat Data to build, supplement, or improve a competing threat intelligence database or service.
• Reselling, sublicensing, or redistributing raw Threat Data to third parties, whether for profit or for free, without our prior written consent.
• Using the Platform output to train machine learning models for a competing service.

2.4 Circumventing Controls

• Circumventing, bypassing, or attempting to circumvent rate limits, authentication mechanisms, or access controls.
• Creating multiple Accounts to evade rate limits, bans, or usage restrictions.
• Using proxies, VPNs, or IP rotation specifically to bypass Free Tool rate limits (using a VPN for privacy in normal use is acceptable).
• Forging, spoofing, or manipulating API authentication credentials.
• Exploiting bugs, vulnerabilities, or errors in the Platform instead of reporting them to us.

2.5 Illegal Use

• Using the Platform in any way that violates applicable local, national, or international law or regulation.
• Using the Platform to facilitate fraud, money laundering, terrorist financing, or sanctions evasion.
• Submitting data to the Platform that you do not have a legal right to process.

2.6 Platform Integrity

• Interfering with or disrupting the Platform, servers, or networks connected to the Platform.
• Introducing viruses, worms, trojans, or other malicious code to the Platform.
• Overwhelming the Platform with requests intended to degrade performance for other Users (denial-of-service).
• Accessing or attempting to access other Users' Accounts, data, or API keys.

3. Free Tools - Specific Rules

In addition to the general prohibitions above, the following rules apply specifically to Free Tools:

• Manual use intended. Free Tools are designed for manual, interactive use by individuals. You may perform individual lookups as needed for your security research, incident response, or curiosity.
• No automated scraping. You must not use scripts, bots, crawlers, or any automated mechanism to submit queries to Free Tools. If you need programmatic access, use the API with a registered Account.
• Rate limits are final. If you hit the rate limit, wait for the cooldown period. Do not attempt to circumvent the limit. We do not publish exact rate-limit thresholds, and we adjust them based on overall platform load.
• No bulk lookups. Free Tools are not a substitute for API access. Submitting large volumes of lookups in a short period - whether manually or automatically - is a violation of this AUP.

4. API - Specific Rules

In addition to the general prohibitions above, the following rules apply specifically to authenticated API access:

• Credential security. Keep your API key and secret confidential. Do not embed credentials in client-side code, public repositories, or unencrypted configuration files. If you believe your credentials have been compromised, rotate them immediately in the portal and notify us at security@panthe.ro.
• Respect rate limits. Implement exponential backoff when you receive HTTP 429 (Too Many Requests) responses. Clients that persistently ignore rate-limit signals will be temporarily blocked.
• Accurate metadata. Do not falsify request headers, user agents, or other metadata in API requests.
• One Account per entity. Each legal entity (individual or organization) should use a single Account. Creating multiple Accounts to distribute requests across separate rate-limit pools is prohibited.
• Integration compliance. If you integrate the Panthero API into a product or service that you offer to your own customers, you are responsible for ensuring that your customers' use also complies with this AUP.

5. Monitoring and Enforcement

We monitor Platform usage to detect violations of this AUP. Monitoring includes:

• Automated detection of unusual request patterns, rate-limit abuse, and authentication anomalies.
• Manual review of flagged activity by our security team.
• Analysis of abuse reports submitted by users and third parties.

We make enforcement decisions at our sole discretion. We are not obligated to provide prior warning before taking action, though we will attempt to do so when circumstances allow.

6. Consequences of Violation

If we determine that you have violated this AUP, we may take one or more of the following actions, proportionate to the severity and nature of the violation:

1. Warning: A written notice identifying the violation and requiring you to cease the prohibited activity immediately.
2. Rate-limit reduction: Temporary or permanent reduction of your rate limits.
3. Temporary suspension: Suspension of your Account and API access for a defined period (typically 24 hours to 30 days).
4. Permanent termination: Permanent termination of your Account with no right to re-register. Outstanding invoices remain due.
5. IP blocking: Blocking your IP address or IP range from accessing the Platform, including Free Tools.
6. Legal action: Pursuing civil or criminal legal remedies, including claims for damages, injunctive relief, and referral to law enforcement authorities.

We may apply these consequences cumulatively. A warning does not preclude immediate suspension if the violation is severe. Violations that involve illegal activity, attacks on the Platform, or harm to individuals may result in immediate termination and legal action without prior warning.

7. Reporting Abuse

If you become aware of any use of the Platform that violates this AUP, please report it to us immediately:

• Email: abuse@panthe.ro

When reporting abuse, please include:

• A description of the violation
• Any evidence you have (screenshots, logs, IP addresses, timestamps)
• Your contact information (so we can follow up if needed)

We review all abuse reports promptly. We will not disclose the identity of the reporter to the alleged violator unless required by law.

8. Relationship to Terms of Service

This AUP is part of and incorporated into our Terms of Service. A violation of this AUP constitutes a breach of the Terms of Service. In the event of a conflict between this AUP and the Terms of Service, the Terms of Service prevail.

If you have questions about this Acceptable Use Policy, contact us at legal@panthe.ro.