Acceptable Use Policy

Last updated: February 18, 2026

Authorization Required

You must have explicit written authorization to scan any system. Unauthorized security testing is illegal and may result in criminal prosecution under applicable laws, including the Norwegian Penal Code and EU Directive 2013/40/EU on attacks against information systems.

This Acceptable Use Policy ("AUP") governs your use of NeuroStrike's security testing platform, operated by NeuroStrike AS. By using our Service, you agree to comply with this policy. Violations may result in immediate suspension or termination of your account.

1. Authorization Requirements

Before scanning any target, you MUST have proper authorization.

1.1 Ownership Verification

For each target you scan, you must be able to demonstrate one of the following:

  • You are the legal owner of the target system
  • You are an authorized employee or contractor of the system owner
  • You have explicit written permission from the system owner
  • The target is part of a bug bounty program you are participating in

1.2 Documentation

You should maintain documentation of your authorization, including:

  • Signed authorization letters or contracts
  • Bug bounty program enrollment confirmations
  • Internal approval records for employee testing
  • Scope of testing agreements

NeuroStrike may request proof of authorization at any time. Failure to provide adequate documentation may result in account suspension.

2. Prohibited Activities

The following activities are strictly prohibited:

2.1 Unauthorized Access

  • Scanning systems without explicit authorization
  • Exploiting vulnerabilities to gain unauthorized access
  • Accessing, modifying, or deleting data without authorization
  • Bypassing security controls beyond the scope of authorized testing

2.2 Denial of Service

  • Intentionally disrupting or degrading target systems
  • Protocol flooding or resource exhaustion attacks
  • Distributed denial of service (DDoS) attacks
  • Network amplification attacks

2.3 Data Exfiltration

  • Stealing, copying, or exfiltrating sensitive data
  • Harvesting personal information or credentials
  • Intercepting communications without authorization

2.4 Malicious Activities

  • Deploying malware, ransomware, or other malicious code
  • Creating backdoors or persistent access mechanisms
  • Command and control (C2) infrastructure deployment
  • Cryptocurrency mining or resource hijacking

2.5 Third-Party Systems

  • Scanning shared infrastructure (e.g., cloud provider management consoles)
  • Testing third-party services without their explicit consent
  • Attacking upstream or downstream dependencies without authorization

3. Cloud Provider Compliance

When scanning systems hosted on cloud platforms, you must also comply with the provider's security testing policies:

3.1 Amazon Web Services (AWS)

AWS permits penetration testing on most services without prior approval. However, you must comply with their policy, which prohibits:

  • DNS zone walking via Route 53
  • Denial of Service attacks
  • Port flooding, protocol flooding, or request flooding

3.2 Microsoft Azure

Azure allows security testing without prior approval for most scenarios, but prohibits:

  • Any form of denial of service testing
  • Any form of automated traffic generation
  • Testing Azure services themselves (only your own resources)

3.3 Google Cloud Platform (GCP)

GCP allows security testing of your own projects without notification, subject to their Acceptable Use Policy. DoS testing and certain aggressive tests require prior approval.

4. Responsible Disclosure

If you discover vulnerabilities during authorized testing:

  • Report findings only to the authorized parties
  • Do not publicly disclose vulnerabilities without authorization
  • Follow coordinated disclosure timelines when applicable
  • Do not retain or share exploit code beyond what is necessary for remediation

5. Scan Configuration

When configuring scans, you should:

  • Set appropriate rate limits to avoid overwhelming target systems
  • Configure exclusions for sensitive paths (e.g., logout endpoints, payment processing)
  • Schedule scans during appropriate maintenance windows when possible
  • Monitor scan progress and stop if unexpected behavior occurs

6. Legal Compliance

You are responsible for ensuring your use of NeuroStrike complies with all applicable laws and regulations in your jurisdiction, including but not limited to:

6.1 Norway and the EEA

  • Norwegian Penal Code (§ 204 – Unauthorized access to data systems)
  • EU Directive 2013/40/EU on attacks against information systems
  • GDPR data protection requirements
  • National implementations of the NIS2 Directive where applicable

6.2 United States

  • Computer Fraud and Abuse Act (18 U.S.C. § 1030)
  • State computer crime laws
  • Industry-specific regulations (HIPAA, PCI-DSS, etc.)

6.3 United Kingdom

  • Computer Misuse Act 1990
  • UK GDPR and Data Protection Act 2018

6.4 Other Jurisdictions

Many countries have laws prohibiting unauthorized computer access. You must verify compliance with local laws before conducting security testing.

7. Risk Acknowledgment

By using NeuroStrike, you acknowledge that:

  • Security testing carries inherent risks, including potential service disruption
  • Scans may trigger security alerts or monitoring systems
  • False positives and false negatives may occur
  • You are solely responsible for the consequences of your scanning activities
  • NeuroStrike AS is not liable for any damages resulting from your use of the Service

8. Indemnification

You agree to indemnify and hold harmless NeuroStrike AS, its officers, directors, employees, and agents from any claims, damages, losses, and expenses arising from:

  • Your violation of this Acceptable Use Policy
  • Your unauthorized scanning activities
  • Your violation of any applicable laws
  • Any claims by third parties related to your testing activities

9. Reporting Violations

If you become aware of any violations of this policy, please report them to:

Include as much detail as possible, including account information, timestamps, and a description of the violation.

10. Enforcement

Violations of this policy may result in:

  • Warning or notice of violation
  • Temporary suspension of scanning capabilities
  • Permanent termination of your account
  • Reporting to law enforcement authorities
  • Legal action to recover damages

We reserve the right to take immediate action without notice for severe violations.

11. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated via email or through the Service at least 30 days before they take effect. Continued use after such notice constitutes acceptance of the updated policy.

12. Contact Information

For questions about this Acceptable Use Policy:
